I hope someone can help with the following:

1. What expression do I use to get SSLRequire to check against a client cert
with two OUs in the subject? Everything I try seems to fail in getting it
to recognise two variables. This is what I thought should work:
    SSLRequire ( %{SSL_CLIENT_S_DN_O} eq "impaq.net" \
                 and %{SSL_CLIENT_S_DN_OU} in { "tintern", "education" } )

This doesn't work, in fact it will fail if you check against any part of the
OU attributes. Checking against the O works fine though.

2. I have written a function that will check the client subject and serial
number against a cert that is published in a remote LDAP server using SSL.
This works fine, but I need a way to include this in the above SSLRequire
checking function. This doesn't seem possible as it is. Basically I just
need to be able to call the external program, pass a few SSL env variables
and return true if successful. I would preferably like this to be done by the
Apache server instead of being part of any SSI/CGI function that happens
after the server has accepted the connection.

Any ideas would be appreciated.

Thanks and regards,

Andrew.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
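
Added example (not part of the original post and not mod_ssl code): a Python sketch of the subject check from item 1, written as the kind of external helper item 2 describes, which keeps every value of a repeated attribute such as OU. It assumes the subject arrives in the SSL_CLIENT_S_DN environment variable in OpenSSL's one-line "/TYPE=value" form; the function names and the any/all mode are hypothetical.

```python
import os
import re
import sys

# Policy values taken from the SSLRequire expression in the post.
REQUIRED_O = "impaq.net"
ALLOWED_OUS = {"tintern", "education"}


def parse_oneline_dn(dn):
    """Parse a one-line DN ("/C=IE/O=x/OU=a/OU=b/CN=y") into a dict that maps
    each attribute type to the list of ALL its values, in certificate order."""
    attrs = {}
    # Split on "/" only where a new "TYPE=" component starts, so a "/" inside
    # a value (CN=a/b) stays in the value. A value that itself contains
    # "/WORD=" is ambiguous in this format and will be split.
    for part in re.split(r"/(?=[A-Za-z0-9.]+=)", dn):
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs.setdefault(key.upper(), []).append(value)
    return attrs


def subject_allowed(dn, mode="any"):
    """Return True when O matches and the OU values satisfy the policy.

    mode="any": at least one OU in the subject is in ALLOWED_OUS.
    mode="all": the subject carries every OU listed in ALLOWED_OUS.
    """
    attrs = parse_oneline_dn(dn)
    # Require exactly one O; a missing or repeated O is rejected rather than
    # guessing which value is authoritative.
    if attrs.get("O") != [REQUIRED_O]:
        return False
    ous = set(attrs.get("OU", []))
    if mode == "all":
        return ALLOWED_OUS <= ous
    return bool(ous & ALLOWED_OUS)


if __name__ == "__main__":
    # Exit status 0 means the subject passed, 1 means it was rejected.
    subject = os.environ.get("SSL_CLIENT_S_DN", "")
    sys.exit(0 if subject_allowed(subject) else 1)
```

Comparisons are exact and case-sensitive, and an empty or unparsable subject is rejected.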
