Neat... I'd avoid doing separate strcEQs for V3EXT_ and the rest
separately since strcasecmp is slow; and I'd also omit the V3EXT_ from
the name completely, just call it SSL_*_SUBJECT_ALTNAME or something and
do the one strcEQ in var_lookup_ssl_cert.

I was assuming that at some point, it may be desirable to export data of other X509v3 extensions, and this would provide a clean separation. But, I see your point and will change the patch if people agree that no such separation is needed.


Adding this in +StdEnvVars might be a bit much...

Okay; adding another directive would obviously require a larger change, but it doesn't look too complicated and I'm willing to, if there is agreement that an "ExtEnvVars" or "AdvEnvVars" is desirable.


How does OpenSSL serialize the altname extension if it contains multiple
names; is it usable in SSLRequire then?

It would look like: "DNS:some.host.example.com, IP Address:10.0.0.1". So, usable in SSLRequire although perhaps not as useful as it could be.


-Kevin

---------------------------------------------------
Kevin C. Miller <[EMAIL PROTECTED]>
Network Development
Carnegie Mellon University
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
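
The serialized altname form quoted in the message above ("DNS:..., IP Address:...") is one flat string, so a substring or pattern test over it can match a prefix or suffix of an entry. The C sketch below is an added example, not code from this thread or from mod_ssl: it splits the string into entries and compares one whole entry, next to a plain substring check. The function names and the sample string are constructed for illustration, and it assumes entry values contain no commas.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the "TYPE:value, TYPE:value" form quoted above. */
static const char SAMPLE[] =
    "DNS:some.host.example.com, IP Address:10.0.0.1";

/* Case-insensitive comparison of n bytes; returns 1 when equal. */
static int ieq(const char *a, const char *b, size_t n)
{
    while (n--)
        if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++))
            return 0;
    return 1;
}

/* Return 1 if the serialized string holds an entry whose type is exactly
 * `type` and whose whole value equals `value` (ignoring case), else 0.
 * Entries are separated by ',' and may be preceded by spaces. */
int san_has_entry(const char *san, const char *type, const char *value)
{
    size_t tlen = strlen(type), vlen = strlen(value);
    const char *p = san;

    while (*p) {
        while (*p == ' ')
            p++;
        size_t elen = strcspn(p, ",");      /* length of this entry */
        if (elen == tlen + 1 + vlen && strncmp(p, type, tlen) == 0 &&
            p[tlen] == ':' && ieq(p + tlen + 1, value, vlen))
            return 1;
        p += elen;
        if (*p == ',')
            p++;
    }
    return 0;
}

/* Naive check: substring search over the whole serialized string. */
int san_substring_match(const char *san, const char *needle)
{
    return strstr(san, needle) != NULL;
}

int main(void)
{
    printf("entry   IP Address:10.0.0 -> %d\n",
           san_has_entry(SAMPLE, "IP Address", "10.0.0"));
    printf("substr  IP Address:10.0.0 -> %d\n",
           san_substring_match(SAMPLE, "IP Address:10.0.0"));
    return 0;
}
```

The entry-wise check rejects the partial address and the partial host name, while the substring check accepts both.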
