On Mon, May 19, 2008 at 10:13:45AM +0200, Michael Ströder wrote:
> HI!
>
> (Re-sent since my message through gmane didn't come through.)
>
> Maybe I'm overlooking the obvious but it seems that env var
> SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication.
>
> The following env vars displayed in my SSI HTML text are relevant here
> (obfuscated to protect privacy):
>
> SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name
> SSL_CLIENT_S_DN_UID: (none)
>
> Is it caused by UID not being the leaf RDN?
That shouldn't make any difference. What versions of OpenSSL and
httpd/mod_ssl are you using? The "UID" DN tag is ambiguous and probably
maps to something other than what your subject DN uses.
In the current 2.x mod_ssl sources, UID maps to:
#ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
{ "UID", NID_x500UniqueIdentifier },
#else /* old name, OpenSSL < 0.9.7 */
{ "UID", NID_uniqueIdentifier },
#endif
joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
