I defined two new OIDs:
login=1.2.3.4.1
hostAddress=1.2.3.4.3
When a client certificate is requested, login is set to the user's login
name and the hostAddress is set to the host's IP address. When the client
attempts to access a restricted area of our site, his/her cert is required.
How can I check the value of login against the REMOTE_USER and the
hostAddress against REMOTE_ADDRESS? I was hoping the SSLRequire directive
could retrieve user-defined OID values, but I don't know how to compose the
expression.
Another idea I had was to test the values of the user defined OIDs listed
in the client cert's DN via the SSL-related variable, SSL_CLIENT_S_DN.
However, I don't know how to retrieve the value of a variable within a
regular expression. For example, if the syntax for retrieving a variable's
value within a regular expression were the same syntax used to retrieve a
variable's value within an SSLRequire expression, then the following
directive would suffice.
SSLRequire ( %{SSL_CLIENT_S_DN} =~ m/\/login=${REMOTE_USER}/ and
%{SSL_CLIENT_S_DN} =~ m/\/hostAddress=${REMOTE_ADDRESS}/ )
By the way, httpd.conf complains about an escaped slash (\/) within the
regular expression.
Is what I want to do possible and if so how?
Thank you,
Darrell
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
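
An added example, not part of the original post and not mod_ssl's own code: one way to do the comparison in the application behind the server, using exact equality on parsed DN attributes instead of a regular expression built from REMOTE_USER. It assumes the slash-separated DN form that the post's regex targets, that SSL_CLIENT_S_DN, REMOTE_USER and the CGI variable REMOTE_ADDR are exported to the script, and that the custom attributes may appear under their dotted OIDs (OpenSSL prints unregistered OIDs numerically); the function names and sample values are hypothetical.

```python
import ipaddress
import re

# OIDs from the post. Accept the short name or the dotted number as the key,
# because OpenSSL prints OIDs it has no registered name for in dotted form.
LOGIN_KEYS = ("login", "1.2.3.4.1")
HOST_KEYS = ("hostAddress", "1.2.3.4.3")


def parse_oneline_dn(dn):
    """Split a slash-separated DN ('/C=US/O=x/login=bob') into (key, value) pairs."""
    pairs = []
    # Split only on a '/' that starts a new 'key=' component, so 'O=A/B Corp' survives.
    for part in re.split(r"/(?=[A-Za-z0-9.]+=)", dn):
        if part:
            key, _, value = part.partition("=")
            pairs.append((key, value))
    return pairs


def single_value(pairs, keys):
    """Return the attribute's value, or None if it is absent or appears more than once."""
    values = [v for k, v in pairs if k in keys]
    # A repeated attribute (e.g. CN=x/login=admin) is ambiguous: fail closed.
    return values[0] if len(values) == 1 else None


def cert_matches_request(env):
    """True only if the cert's login and hostAddress equal REMOTE_USER and REMOTE_ADDR."""
    pairs = parse_oneline_dn(env.get("SSL_CLIENT_S_DN", ""))
    login = single_value(pairs, LOGIN_KEYS)
    host = single_value(pairs, HOST_KEYS)
    user = env.get("REMOTE_USER")
    if not login or not host or not user:
        return False
    try:
        # Compare parsed addresses, not strings, so equivalent spellings match.
        same_host = ipaddress.ip_address(host) == ipaddress.ip_address(env.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return login == user and same_host


# Constructed sample environment, as a CGI script behind mod_ssl might see it.
SAMPLE_ENV = {
    "SSL_CLIENT_S_DN": "/C=US/O=Example/CN=Darrell/1.2.3.4.1=darrell/1.2.3.4.3=192.0.2.10",
    "REMOTE_USER": "darrell",
    "REMOTE_ADDR": "192.0.2.10",
}

if __name__ == "__main__":
    print(cert_matches_request(SAMPLE_ENV))
```

Whole-value equality rejects the prefix match that an unanchored pattern such as `/login=dar` would accept, and the duplicate check rejects a DN whose other attribute values smuggle in a second `login=` component.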