On Mon, Mar 08, 2004 at 03:59:29PM -0500, Kevin C Miller wrote: > I've patched mod_ssl to export some V3 extension information from > certificates into the environment. We are issuing client certificates with > the Subject Alternative Name being used to specify DNS names / email > addresses and need to authenticate using this information. > > The patch is available from: > http://www.andrew.cmu.edu/~kevinm/mod_ssl-2.8.14-patch1
Neat... I'd avoid doing separate strcEQs for V3EXT_ and the rest separately since strcasecmp is slow; and I'd also omit the V3EXT_ from the name completely, just call it SSL_*_SUBJECT_ALTNAME or something and do the one strcEQ in var_lookup_ssl_cert. Adding this in +StdEnvVars might be a bit much... How does OpenSSL serialize the altname extension if it contains multiple names; is it usable in SSLRequire then? (I don't speak for whether it's acceptable to Ralf for inclusion in mod_ssl 2.8, of course :) Regards, joe ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
