Re: [PATCH] get a pointer to the raw cert from mod_ssl

Joe Orton Wed, 02 Feb 2005 02:24:56 -0800

On Wed, Feb 02, 2005 at 10:17:04AM +0000, David Reid wrote:
> Basically this allows us to gain access to the actual cert structure.


I don't like the idea of exposing the X509 * directly especially not
through a char * interface.  Exposing the DER representation (e.g.
base64-encoded) through ssl_var_lookup would be better.

joe


> Index: ssl_engine_vars.c
> ===================================================================
> --- ssl_engine_vars.c   (revision 123890)
> +++ ssl_engine_vars.c   (working copy)
> @@ -364,6 +364,10 @@
>      else if (strcEQ(var, "CERT")) {
>          result = ssl_var_lookup_ssl_cert_PEM(p, xs);
>      }
> +    else if (strcEQ(var, "RAW_CERT")) {
> +        result = (char *)xs;
> +        resdup = FALSE;
> +    }
> 
>      if (result != NULL && resdup)
>          result = apr_pstrdup(p, result);

Re: [PATCH] get a pointer to the raw cert from mod_ssl

Reply via email to