Neat... I'd avoid doing separate strcEQs for V3EXT_ and the rest separately since strcasecmp is slow; and I'd also omit the V3EXT_ from the name completely, just call it SSL_*_SUBJECT_ALTNAME or something and do the one strcEQ in var_lookup_ssl_cert.
I was assuming that at some point, it may be desirable to export data of other X509v3 extensions, and this would provide a clean separation. But, I see your point and will change the patch if people agree that no such separation is needed.
Adding this in +StdEnvVars might be a bit much...
Okay; adding another directive would obviously require a larger change, but it doesn't look too complicated and I'm willing to, if there is agreement that a "ExtEnvVars" or "AdvEnvVars" is desirable.
How does OpenSSL serialize the altname extension if it contains multiple names; is it usable in SSLRequire then?
It would look like: "DNS:some.host.example.com, IP Address:10.0.0.1". So, usable in SSLRequire although perhaps not as useful as it could be.
-Kevin
--------------------------------------------------- Kevin C. Miller <[EMAIL PROTECTED]> Network Development Carnegie Mellon University ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]