On 29.10.2014 16:40, Graham Leggett wrote:
> The attached patch makes the variable SSL_CLIENT_CERT_SUBJECTS
> available, which contains a list of subject DNs in each certificate
> in the chain. It is designed to be able to match against a full
> certificate chain where the subject and issuer of the certificate
> alone is not good enough to identify a certificate uniquely.

Does this relate to your post from January [1]?

> The subject DNs are themselves escaped and used to create a new DN as
> follows: name=subject1,name=subject2,name=subject3 (and so on).

Feels like a fairly idiosyncratic solution to me (essentially sticking multiple things together into a single environment variable, with the [known] problems of how to separate them again / do proper matching in the application). I would prefer these DNs being exported to the environment in the same way as it is currently done with the SSL_CLIENT_CERT_CHAIN_n variables.

Kaspar

[1] https://mail-archives.apache.org/mod_mbox/httpd-dev/201401.mbox/%3C1A61F988-F33B-4E65-A141-E4516F8424CC%40sharp.fm%3E
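Added example, not part of the original message or of the mod_ssl patch: a sketch of the separation problem raised above, showing that an application consuming a combined `name=subject1,name=subject2,...` value needs an escape-aware splitter, because a plain split on `,` cuts through the subject DNs themselves. It assumes RFC 4514-style backslash escaping (the message does not say which escaping the patch uses); the function names and the sample chain are constructed for illustration.

```python
# Added illustration. Assumption: RFC 4514-style backslash escaping; the
# message does not say which escaping the patch uses.
SPECIALS = set('",+;<>\\')

# Constructed sample chain (leaf first); O contains an escaped comma.
CHAIN = [
    "CN=client1,O=Acme\\, Inc.,C=US",
    "CN=Issuing CA,O=Acme\\, Inc.,C=US",
    "CN=Root CA,O=Acme\\, Inc.,C=US",
]

def escape_value(value):
    """Backslash-escape a string so it can be one RDN attribute value."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch in SPECIALS or edge:
            out.append("\\")
        out.append(ch)
    return "".join(out)

def join_subjects(subjects):
    """Build name=subject1,name=subject2,... as described in the message."""
    return ",".join("name=" + escape_value(s) for s in subjects)

def split_subjects(combined):
    """Escape-aware inverse of join_subjects (no \\XX hex escapes handled)."""
    if not combined:
        return []
    parts, cur, i = [], [], 0
    while i < len(combined):
        ch = combined[i]
        if ch == "\\":
            if i + 1 == len(combined):
                raise ValueError("dangling backslash")
            cur.append(combined[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    if not all(p.startswith("name=") for p in parts):
        raise ValueError("unexpected RDN type")
    return [p[len("name="):] for p in parts]
```

With the constructed chain, `join_subjects(CHAIN).split(",")` yields 12 fragments for 3 certificates, while `split_subjects` recovers the 3 original subject DNs; per-index variables avoid the need for this parsing step in the application.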
