On Wed, Feb 02, 2005 at 10:17:04AM +0000, David Reid wrote:
Basically this allows us to gain access to the actual cert structure.
I don't like the idea of exposing the X509 * directly especially not through a char * interface. Exposing the DER representation (e.g. base64-encoded) through ssl_var_lookup would be better.
The issue is a need to get access to the internals of the structure.
The existing function doesn't meet the requirements, but I'll work up an alternative patch to add a new function that will meet them.
david
joe
Index: ssl_engine_vars.c =================================================================== --- ssl_engine_vars.c (revision 123890) +++ ssl_engine_vars.c (working copy) @@ -364,6 +364,10 @@ else if (strcEQ(var, "CERT")) { result = ssl_var_lookup_ssl_cert_PEM(p, xs); } + else if (strcEQ(var, "RAW_CERT")) { + result = (char *)xs; + resdup = FALSE; + }
if (result != NULL && resdup) result = apr_pstrdup(p, result);
