On Wed, Feb 02, 2005 at 10:17:04AM +0000, David Reid wrote: > Basically this allows us to gain access to the actual cert structure.
I don't like the idea of exposing the X509 * directly especially not through a char * interface. Exposing the DER representation (e.g. base64-encoded) through ssl_var_lookup would be better. joe > Index: ssl_engine_vars.c > =================================================================== > --- ssl_engine_vars.c (revision 123890) > +++ ssl_engine_vars.c (working copy) > @@ -364,6 +364,10 @@ > else if (strcEQ(var, "CERT")) { > result = ssl_var_lookup_ssl_cert_PEM(p, xs); > } > + else if (strcEQ(var, "RAW_CERT")) { > + result = (char *)xs; > + resdup = FALSE; > + } > > if (result != NULL && resdup) > result = apr_pstrdup(p, result);