Hi all, I am trying to solve the problem of limiting access to those who present a client cert containing a specific extKeyUsage OID.
So far, the config that I have for httpd-trunk is this:

  SSLRequire "1.3.6.1.5.5.7.3.4" in PeerExtList("2.5.29.37")

Stepping through the code in a debugger, the PeerExtList() returns a list containing just one single entry in the list: "A, B, C", when in theory, it should return an actual list "A", "B", "C".

As a result, while stepping through the code, an attempt is made to compare "B" with "A, B, C", and this comparison fails, and we get 403 forbidden (I would have expected it to compare "B" to "A", "B" and then (not) "C" in turn, resulting in success).

Can someone confirm for me whether I am using SSLRequire correctly, or whether I have found something that needs a patch?

I tried this also on httpd-2.2, using the config below, and this gives the same behaviour:

  SSLRequire "1.3.6.1.5.5.7.3.4" in OID("2.5.29.37")

Regards,
Graham
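The difference described in the message above, as an added example that is not part of the original post and is not httpd or mod_ssl code: it walks a constructed extKeyUsage value OID by OID, compares each element with the wanted OID, and also builds the flattened single-string form so the two comparisons can be contrasted. The names `oid_to_text`, `eku_contains` and `EKU_DER` are hypothetical, the sample bytes are constructed, and only short-form DER lengths are handled.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample: extKeyUsage (2.5.29.37) value holding 1.3.6.1.5.5.7.3.2, .3.4, .3.8 */
static const unsigned char EKU_DER[] = { 0x30, 0x1e,
    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04,
    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08 };

/* Decode one OID body to dotted text; 0 on success, -1 if malformed or too long. */
static int oid_to_text(const unsigned char *p, size_t len, char *out, size_t cap) {
    unsigned long arc = 0;
    size_t used = 0;
    if (len == 0 || (p[len - 1] & 0x80)) return -1;    /* empty or truncated arc */
    for (size_t i = 0; i < len; i++) {
        if (arc >> (sizeof arc * 8 - 7)) return -1;    /* arc would overflow */
        arc = (arc << 7) | (p[i] & 0x7f);
        if (p[i] & 0x80) continue;                     /* arc continues */
        unsigned long a = arc < 80 ? arc / 40 : 2;     /* first value packs two arcs */
        int n = used ? snprintf(out + used, cap - used, ".%lu", arc)
                     : snprintf(out, cap, "%lu.%lu", a, arc - a * 40);
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}

/* 1 if want is one element, 0 if not, -1 if malformed (short-form lengths only). */
static int eku_contains(const unsigned char *der, size_t len, const char *want,
                        char *flat, size_t cap) {  /* flat gets "a, b, c" */
    int found = 0;
    size_t used = 0;
    if (len < 3 || der[0] != 0x30 || der[1] >= 0x80 || der[1] + 2u != len) return -1;
    for (size_t i = 2; i < len; i += 2u + der[i + 1]) {
        char oid[64];
        if (len - i < 2 || der[i] != 0x06 || der[i + 1] > len - i - 2) return -1;
        if (oid_to_text(der + i + 2, der[i + 1], oid, sizeof oid)) return -1;
        if (strcmp(oid, want) == 0) found = 1;         /* compare each element */
        int n = snprintf(flat + used, cap - used, "%s%s", used ? ", " : "", oid);
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
    }
    return found;
}

int main(void) {
    char flat[128] = "";
    int hit = eku_contains(EKU_DER, sizeof EKU_DER, "1.3.6.1.5.5.7.3.4", flat, sizeof flat);
    return printf("element match: %d, flattened list: \"%s\"\n", hit, flat) < 0;
}
```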