Hi all,

I am trying to solve the problem of limiting access to those who present
a client cert containing a specific extKeyUsage OID.

So far, the config that I have for httpd-trunk is this:

    SSLRequire "1.3.6.1.5.5.7.3.4" in PeerExtList("2.5.29.37")

Stepping through the code in a debugger, the PeerExtList() returns a
list containing just one single entry in the list: "A, B, C", when in
theory, it should return an actual list "A", "B", "C".

As a result, while stepping through the code, an attempt is made to
compare "B" with "A, B, C", and this comparison fails, and we get 403
forbidden (I would have expected it to compare "B" to "A", "B" and then
(not) "C" in turn, resulting in success).

Can someone confirm for me whether I am using SSLRequire correctly, or
whether I have found something that needs a patch?

I tried this also on httpd-2.2, using the config below, and this gives
the same behaviour:

    SSLRequire "1.3.6.1.5.5.7.3.4" in OID("2.5.29.37")

Regards,
Graham
--
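To make the comparison described in the post concrete, here is an added example (not code from the post or from httpd) that parses the DER content of an extendedKeyUsage extension (OID 2.5.29.37) into its individual KeyPurposeId OIDs and tests membership the way a correct PeerExtList-style check must: against each entry, not against one comma-joined string. The sample extension bytes are constructed for the example (clientAuth plus emailProtection); the two small helpers at the end reproduce the failing and the expected comparison from the post using the author's placeholder values "A, B, C" and "B".

```python
"""Parse an X.509 extendedKeyUsage extension and check for a specific OID.

Added example; the DER sample below is constructed, not taken from a real cert.
"""

EXT_KEY_USAGE_OID = "2.5.29.37"        # id-ce-extKeyUsage
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection (the OID in the post)


def _read_tlv(data, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos.

    Handles short-form and long-form definite lengths, which is all DER allows.
    """
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def decode_oid(value):
    """Decode the content octets of a DER OBJECT IDENTIFIER into dotted-decimal form."""
    arcs = []
    acc = 0
    for b in value:                        # base-128, high bit set on all but the last octet
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]                        # first octet packs the first two arcs: 40*X + Y
    if first < 40:
        head = [0, first]
    elif first < 80:
        head = [1, first - 40]
    else:
        head = [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def parse_ext_key_usage(der):
    """Return the list of KeyPurposeId OIDs in an ExtendedKeyUsage value.

    ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId (RFC 5280).
    """
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("extKeyUsage must be a SEQUENCE")
    oids = []
    pos = 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag != 0x06:
            raise ValueError("KeyPurposeId must be an OBJECT IDENTIFIER")
        oids.append(decode_oid(value))
    return oids


def has_key_purpose(der, oid):
    """The check SSLRequire '<oid> in PeerExtList(...)' is meant to express: one entry at a time."""
    return oid in parse_ext_key_usage(der)


# Constructed sample: SEQUENCE { clientAuth (1.3.6.1.5.5.7.3.2), emailProtection (1.3.6.1.5.5.7.3.4) }
SAMPLE_EKU_DER = bytes.fromhex("3014" "06082b06010505070302" "06082b06010505070304")


def joined_string_contains(joined, oid):
    """The behaviour reported in the post: the rendered extension is a single list element."""
    return oid in [joined]


def split_list_contains(joined, oid):
    """The expected behaviour: the rendered list is split into one element per OID."""
    return oid in [s.strip() for s in joined.split(",")]


if __name__ == "__main__":
    print(parse_ext_key_usage(SAMPLE_EKU_DER))
    print(has_key_purpose(SAMPLE_EKU_DER, EMAIL_PROTECTION))
    print(joined_string_contains("A, B, C", "B"), split_list_contains("A, B, C", "B"))
```

Run stand-alone, the script lists both OIDs from the constructed extension and reports that emailProtection is present; the last line shows why a single joined string fails the membership test that the split list passes.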
