On Fri, Oct 15, 2004 at 03:41:59PM -0700, Madhusudan Mathihalli wrote:
> Well.. for one use I have at least 2 different customers who map the
> information retrieved from a client certificate to the LDAP database.
> Both of them came back with the same question: Does SSL_CLIENT_S_DN
> conform to any known standard. The one standard I know for
> representing DN are the 1779 and 2253. Are there any other standards
> - if so, please let me know for I'm unaware.

As far as I'm aware, it's just a convention adopted by OpenSSL.

> > > The patch is pretty simple if we want to change mod_ssl to use the RFC
> > > supported style. However, there are probably a lot of users who will
> > > not be happy if we change it abruptly. Hence I propose that we add a
> > > new SSL directive (SSLDNFormat or something like that) which allows
> > > the user to configure the format he likes (default will be the non-RFC
> > > compliant).
> >
> > Which use of DNs do you want to change? Controlling these disparate uses
> > of DNs from one config directive sounds confusing.
>
> Okay - what do you suggest ?

Changing just the _DN variable format with a config directive sounds OK.
Adding new variables would be an alternative, but the names would probably
get *really* ugly...

joe
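For readers who map SSL_CLIENT_S_DN to an LDAP entry, as in the use case discussed in this thread, the following added example (not part of the thread and not mod_ssl code) converts a slash-delimited DN into RFC 2253 string form. It assumes the value looks like `/C=US/O=Example/CN=alice`; the function names and sample DNs are constructed for illustration.

```python
import re

# Characters RFC 2253 section 2.4 requires to be backslash-escaped in a value.
_MUST_ESCAPE = set(',+"\\<>;')

# In the slash-delimited form an RDN starts at "/" followed by "type=".
# A "/" inside a value (e.g. "A/B Corp") is not followed by "type=" and is kept.
_RDN_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.-]*=)")


def escape_rfc2253(value):
    """Escape one attribute value per RFC 2253 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        leading = i == 0 and ch in " #"   # leading space or '#'
        trailing = i == last and ch == " "  # trailing space
        if ch in _MUST_ESCAPE or leading or trailing:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def oneline_to_rfc2253(dn):
    """Convert '/C=US/O=Example/CN=alice' to 'CN=alice,O=Example,C=US'.

    Attribute type names are passed through unchanged (an assumption; a
    directory may expect different short names for some types).
    The slash form is ambiguous: a value that itself contains '/type='
    cannot be told apart from an RDN boundary, so for authorization
    decisions compare against a DN derived from the certificate itself.
    """
    parts = _RDN_START.split(dn)
    if parts[0] != "" or len(parts) < 2:
        raise ValueError("not a slash-delimited DN: %r" % dn)
    rdns = []
    for part in parts[1:]:
        attr, _, value = part.partition("=")
        rdns.append("%s=%s" % (attr, escape_rfc2253(value)))
    # RFC 2253 writes the most specific RDN first, the reverse of the slash form.
    return ",".join(reversed(rdns))


if __name__ == "__main__":
    # Constructed sample subject DN.
    print(oneline_to_rfc2253("/C=US/O=Example, Inc./OU=Ops/CN=alice"))
```
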