Environment variables question

2005-10-11 Thread Dr. Harry Knitter
Hello,

I have a question about the meaning of some environment variables for mod_ssl.

What do the fields T, I, G, S, and D in subject or issuer DNs mean, 
respectively, to which fields of a certificate do they point?

Thanks

Harry
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]


Re: Environment variables question

2005-10-11 Thread BJ Swope
Post your certificate and I'd be glad to take a look.

BJ

On 10/11/05, Dr. Harry Knitter <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I have a question about the meaning of some environment variables for mod_ssl.
>
> What do the fields T, I, G, S, and D in subject or issuer DNs mean,
> respectively, to which fields of a certificate do they point?
>
> Thanks
>
> Harry


Re: Environment variables question

2005-10-11 Thread Dr. Harry Knitter
On Tuesday, 11 October 2005 13:09, BJ Swope wrote:
> Post your certificate and I'd be glad to take a look.
>
> BJ
>


For what do you need my certificate to answer this question?
I simply would like to know what is the meaning of the following variables

Examples:
SSL_CLIENT_S_DN_T
SSL_CLIENT_S_DN_I
SSL_CLIENT_S_DN_G
SSL_CLIENT_S_DN_D


Harry


> On 10/11/05, Dr. Harry Knitter <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I have a question about the meaning of some environment variables for
> > mod_ssl.
> >
> > What do the fields T, I, G, S, and D in subject or issuer DNs mean,
> > respectively, to which fields of a certificate do they point?
> >
> > Thanks
> >
> > Harry


Re: Environment variables question

2005-10-11 Thread Cliff Woolley
> I simply would like to know what is the meaning of the following variables
>
> Examples:
> SSL_CLIENT_S_DN_T
> SSL_CLIENT_S_DN_I

There's a nice table of these at
http://www.covalent.net/resource/documentation/ers/2.0.0/productguide/html/proxymodule.html .

I had to dig pretty good to find that, though.  I've never seen them before.  :)

--Cliff


Re: Environment variables question

2005-10-11 Thread Dr. Harry Knitter
On Tuesday, 11 October 2005 13:43, Cliff Woolley wrote:
> > I simply would like to know what is the meaning of the following
> > variables
> >
> > Examples:
> > SSL_CLIENT_S_DN_T
> > SSL_CLIENT_S_DN_I
>
> There's a nice table of these at
> http://www.covalent.net/resource/documentation/ers/2.0.0/productguide/html/proxymodule.html .
>
> I had to dig pretty good to find that, though.  I've never seen them
> before.  :)
>
> --Cliff

Thank you very much, this was what I was searching for.

Greetings

Harry


Re: Environment variables question

2005-10-11 Thread BJ Swope
I was wanting a context for the information.  Oftentimes context will provide indicators of purpose.


Re: engine format keys

2005-10-11 Thread Geoff Thorpe
Hi Kent,

On October 6, 2005 05:01 pm, Kent Yoder wrote:
>   Yep, passphrase entry is at least part of the problem with calling
> ENGINE_load_private_key.   After a few different attempts, I'm a bit
> stumped.  The load key call wants a UI* passed to it, which eventually
> has UI_process() called on it by the engine.  I've tried various ways
> of stuffing the modssl_read_bio_cb_fn pointer and the server rec into
> this structure, with a custom flush function which'd get called by
> UI_process.  I haven't been able to test this approach yet, since it
> appears that openssl's UI_STRING and UI_METHOD structs aren't declared
> in a way that works in ui.h. For instance, any mention of
> sizeof(UI_STRING) brings an incomplete type error.  Any help would be
> appreciated, I may not be using the ui interface correctly.

Alas I can't give you any off-the-top hints about UI_METHOD because I 
haven't used it myself, so I've CC'd Richard who is the guy who did 
UI_METHOD. Richard, if there's anything obvious in the above snippet 
please feel free to comment. However I'd suggest taking this over to the 
openssl-dev mail list Kent - then Richard and/or others can follow up 
more meaningfully (and the subsequent discussion might be useful for 
ongoing development).

Cheers,
Geoff

-- 
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/

Even those who do not feel they are one of us, no longer seeing us on our knees,
will be, more than ever, at home with us.
  -- Loco Locass


How to allow only certain Certificates

2005-10-11 Thread Dr. Harry Knitter
Hello,

How can I restrict access to my Apache to owners of certain individual 
certificates?

I have tried the following (it doesn't work, however):

SSLREQUIRE %{SSL_CLIENT_S_DN_UID} in {"","",...}

where  is the X509 extension Subject Key Identifier of 
the client's certificate.
I tried it with colons and without.
The expression always results in false.

What is the corresponding value for SSL_CLIENT_S_DN_UID in a certificate?

Thanks

Harry
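
An added configuration example for the question above (not part of the original post and not from the mod_ssl project): the Subject Key Identifier is an X.509 extension, not an attribute of the subject DN, so it is not the value that SSL_CLIENT_S_DN_UID holds. One way to allow only individual certificates is to pin the issuing CA and list the permitted serial numbers; all paths, the CA name and the serial values below are constructed placeholders.

```apache
# Added example: paths, CA name and serial numbers are constructed placeholders.
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    # CA certificate used to verify client certificates.
    SSLCACertificateFile  conf/ssl.crt/client-ca.crt

    # Log what mod_ssl actually sees, so the values used in SSLRequire
    # can be copied from a real handshake instead of guessed.
    CustomLog logs/ssl_client_log "%h \"%{SSL_CLIENT_S_DN}x\" %{SSL_CLIENT_M_SERIAL}x"

    <Location /restricted>
        # The SSL_CLIENT_* variables are only populated when a client
        # certificate was requested and verified.
        SSLVerifyClient require
        SSLVerifyDepth  1

        # A serial number is unique only per issuer, so check both:
        # the issuer's CN and the set of allowed serials.
        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "Example Client CA" \
               and %{SSL_CLIENT_M_SERIAL} in {"01A3", "01A7"}
    </Location>
</VirtualHost>
```

Matching on a subject DN component such as SSL_CLIENT_S_DN_CN works the same way, but it is only as strong as the CA's policy on who may be issued a certificate with that name.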