On 01/02/2011 12:56 AM, s...@apache.org wrote: > Author: sf > Date: Sat Jan 1 23:56:24 2011 > New Revision: 1054323 > > URL: http://svn.apache.org/viewvc?rev=1054323&view=rev > Log: > Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables > to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and > escape other special characters with backslashes. The old format can > still be used with the LegacyDNStringFormat argument to SSLOptions. > > Modified: > httpd/httpd/trunk/CHANGES > httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml > httpd/httpd/trunk/docs/manual/upgrading.xml > httpd/httpd/trunk/modules/ssl/ssl_engine_config.c > httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c > httpd/httpd/trunk/modules/ssl/ssl_private.h > httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c > httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h
> Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1054323&r1=1054322&r2=1054323&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original) > +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat Jan 1 23:56:24 2011 > @@ -344,14 +344,32 @@ BOOL SSL_X509_getBC(X509 *cert, int *ca, > #endif > } > > +/* convert a NAME_ENTRY to UTF8 string */ > +char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne) > +{ > + char *result = NULL; > + BIO* bio; > + int len; > + > + if ((bio = BIO_new(BIO_s_mem())) == NULL) > + return NULL; > + ASN1_STRING_print_ex(bio, X509_NAME_ENTRY_get_data(xsne), > + ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_UTF8_CONVERT); > + len = BIO_pending(bio); > + result = apr_palloc(p, len+1); > + len = BIO_read(bio, result, len); > + result[len] = NUL; > + BIO_free(bio); > + ap_xlate_proto_from_ascii(value, len); Shouldn't that be ap_xlate_proto_from_ascii(result, len); instead? Regards Rüdiger