Michael Ströder wrote:
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute
type 'uid' specified for pilotPerson). That seems right to me since
it's compliant with RFC 4514 which contains a table of short and long
attribute type names and their OIDs (end of chapter 3).
But now I don't understand the #ifdef-statement mentioned above. From
my understanding it MUST NOT reference NID_x500UniqueIdentifier. It
MUST reference NID_userId. To me that looks clearly like a bug in
mod_ssl.
Changing it would break backwards-compat which is why the #ifdef is
there (so that the _UID variable refers to the same OID regardless of
what OpenSSL version si use).
To come around this: How about letting the deployer specify the OIDs in
httpd.conf? Backwards-compability could be achieved with this.
Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]