Hi all, The attached patch makes the variable SSL_CLIENT_CERT_SUBJECTS available, which contains a list of subject DNs in each certificate in the chain. It is designed to be able to match against a full certificate chain where the subject and issuer of the certificate alone is not good enough to identify a certificate uniquely.
The subject DNs are themselves escaped and used to create a new DN as follows: name=subject1,name=subject2,name=subject3 (and so on). Regards, Graham —
httpd-mod_ssl-certsubjects3.patch
Description: Binary data
