This may help you; I patched mod_ssl to retrieve the certificate DN in RFC2253 [LDAP-compliant] format, instead of the deprecated method currently used: --- http-2.2.15-baseline/modules/ssl//ssl_engine_vars.c Sat Feb 27 16:00:58 2010 --- http-2.2.15/modules/ssl//ssl_engine_vars.c Tue Mar 23 14:22:53 2010 @@ -367,10 +367,20 @@ } else if (strcEQ(var, "S_DN")) { xsname = X509_get_subject_name(xs); - cp = X509_NAME_oneline(xsname, NULL, 0); - result = apr_pstrdup(p, cp); - modssl_free(cp); - resdup = FALSE; + BIO *bio; + int n; + + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + result = NULL; + } else { + X509_NAME_print_ex(bio, xsname, 0, XN_FLAG_RFC2253); + n = BIO_pending(bio); + result = apr_pcalloc(p, n+1); + n = BIO_read(bio, result, n); + result[n] = NUL; + BIO_free(bio); + resdup = FALSE; + } } else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) { xsname = X509_get_subject_name(xs)
See also: http://mail-archives.apache.org/mod_mbox/httpd-modules-dev/201003.mbox/% 3c5045a4d718cab644ba24979206486b60067a4...@hptimail03.hpti.com%3e ________________________________ From: Luis Neves [mailto:luisne...@hotmail.com] Sent: Thursday, April 29, 2010 10:34 AM To: users@httpd.apache.org Subject: [us...@httpd] Incorrect conversion of UTF-8 characters comming from X.509 certificates, please help Hi there, I am trying to match the values coming from apache/mod_ssl/mod_authz_ldap against some fields (subjectDN and issuerDN) in an Openldap directory the problem is that Apache is receiving certificate data that contains UTF8 encoded chars That chars are being incorrectly encoded with '\x' characters (deprecated source code? bug?) and this is making the effect of mod_authz_ldap failing the query with "bad search filter" error Here some example data on the ssl_error.log http://www.mail-archive.com/openssl-us...@openssl.org/msg60934.html I need help on solving this, Iam sucked and dont know what to do to put this thing working Can someboby help me please? PS: Im using Apache 2.2.3 on a Centos 5.4, against openldap Luis ________________________________ Hotmail: Trusted email with Microsoft's powerful SPAM protection. Sign up now. <https://signup.live.com/signup.aspx?id=60969>