How to allow only certain Certificates

2005-10-12 Thread Dr. Harry Knitter
Hello,

how can I restrict access to my Apache to owners of certain individual 
certificates?

I have tried the following (it doesn't work, however):

SSLREQUIRE %{SSL_CLIENT_S_DN_UID} in {Subject Key Identifier1,Subject Key Identifier2,...}

where Subject Key Identifier is the X509 extension Subject Key Identifier of 
the client's certificate.
I tried it with colons and without.
The expression always results in false.

What is the corresponding value for SSL_CLIENT_S_DN_UID in a certificate?

Thanks

Harry
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
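
An added example, not part of the original thread: in mod_ssl, SSL_CLIENT_S_DN_UID holds the UID attribute of the certificate's Subject DN, not the Subject Key Identifier extension, so the expression in the question compares unrelated values. The sketch below allow-lists individual certificates by serial number and issuer instead; the location, CA file path, issuer CN and serial numbers are constructed placeholders.

```apache
# Constructed example: all paths, names and serial numbers are placeholders.
SSLCACertificateFile /etc/apache2/ssl/client-ca.pem

<Location /restricted>
    # Demand a client certificate that chains to the CA above.
    SSLVerifyClient require
    SSLVerifyDepth  1

    # The attempt from the question, kept for comparison. The variable is
    # empty unless the Subject DN carries a UID attribute, so the test fails.
    # SSLRequire %{SSL_CLIENT_S_DN_UID} in {"<key identifier 1>", "<key identifier 2>"}

    # Allow-list individual certificates by serial number. Serial numbers
    # are only unique per issuer, so the issuer is checked as well.
    SSLRequire %{SSL_CLIENT_I_DN_CN} eq "Example Issuing CA" \
           and %{SSL_CLIENT_M_SERIAL} in {"01A4", "01A7"}
</Location>
```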


Re: engine format keys

2005-10-12 Thread Kent Yoder
Hi Geoff,

> Alas I can't give you any off-the-top hints about UI_METHOD because I
> haven't used it myself, so I've CC'd Richard who is the guy who did
> UI_METHOD. Richard, if there's anything obvious in the above snippet
> please feel free to comment. However I'd suggest taking this over to the
> openssl-dev mail list Kent - then Richard and/or others can follow up
> more meaningfully (and the subsequent discussion might be useful for
> ongoing development).

  I haven't had time to go back and play with it much, but last time I
tried, this program didn't compile:

#include <openssl/ui.h>
int main(void)
{
    UI_STRING *ui = malloc(sizeof(UI_STRING));
    return 0;
}

  I was going on the assumption that I'd need to stuff the secret
pulled in from the modssl callback into a UI_STRING object though,
perhaps this is wrong...  Downloading 0.9.8a now...

Kent

--
Kent Yoder
IBM LTC Security Dev.