This may help you; I patched mod_ssl to retrieve the certificate DN in
RFC2253 [LDAP-compliant] format, instead of the deprecated method
currently used:
 
--- http-2.2.15-baseline/modules/ssl//ssl_engine_vars.c Sat Feb 27
16:00:58 2010
--- http-2.2.15/modules/ssl//ssl_engine_vars.c  Tue Mar 23 14:22:53 2010
@@ -367,10 +367,20 @@
     }
     else if (strcEQ(var, "S_DN")) {
         xsname = X509_get_subject_name(xs);
-        cp = X509_NAME_oneline(xsname, NULL, 0);
-        result = apr_pstrdup(p, cp);
-        modssl_free(cp);
-        resdup = FALSE;
+        BIO *bio;
+        int n;
+        
+        if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+            result = NULL;
+        } else {
+            X509_NAME_print_ex(bio, xsname, 0, XN_FLAG_RFC2253);
+            n = BIO_pending(bio);
+            result = apr_pcalloc(p, n+1);
+            n = BIO_read(bio, result, n);
+            result[n] = NUL;
+            BIO_free(bio);
+            resdup = FALSE;
+        }
     }
     else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
         xsname = X509_get_subject_name(xs)
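
Review bot: The new S_DN branch uses the results of X509_NAME_print_ex, BIO_pending and BIO_read without checking them. If BIO_read returns a negative value (a memory BIO returns -1 when there is nothing to read), "result[n] = NUL;" writes one byte before the start of the pool buffer. Suggest testing that X509_NAME_print_ex succeeded and that n > 0 after both BIO_pending and BIO_read, setting result = NULL otherwise and calling BIO_free on every path. The "BIO *bio;" and "int n;" declarations also come after the "xsname = ..." statement; move them to the top of the enclosing block or open a new scope so the code builds as C89. Note too that XN_FLAG_RFC2253 includes ASN1_STRFLGS_ESC_MSB, so non-ASCII characters are still written as backslash-hex escapes; if raw UTF-8 is wanted in S_DN, that flag has to be masked out, and the value still needs LDAP filter escaping before it goes into a search filter.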

See also: 
 
http://mail-archives.apache.org/mod_mbox/httpd-modules-dev/201003.mbox/%3c5045a4d718cab644ba24979206486b60067a4...@hptimail03.hpti.com%3e
 



________________________________

        From: Luis Neves [mailto:luisne...@hotmail.com] 
        Sent: Thursday, April 29, 2010 10:34 AM
        To: users@httpd.apache.org
        Subject: [us...@httpd] Incorrect conversion of UTF-8 characters coming from X.509 certificates, please help
        
        
        Hi there,
        I am trying to match the values coming from apache/mod_ssl/mod_authz_ldap against some fields (subjectDN and issuerDN) in an OpenLDAP directory.
        The problem is that Apache is receiving certificate data that contains UTF-8 encoded chars.
        
        Those chars are being incorrectly encoded with '\x' characters (deprecated source code? bug?), and this is causing mod_authz_ldap to fail the query with a "bad search filter" error.
        
        Here is some example data from the ssl_error.log:
        
http://www.mail-archive.com/openssl-us...@openssl.org/msg60934.html
        
        I need help solving this; I am stuck and don't know what to do to get this working.
        Can somebody help me please?
        
        PS: I'm using Apache 2.2.3 on CentOS 5.4, against OpenLDAP.
        
        Luis
        
        