Hello and thanks for all your help in the past.

I'm an ex-SUN (iPlanet/Sun ONE) employee retraining on open source, so I really appreciate any help that you can give me. It's incredible to see this community helping each other (for FREE!) and I intend to participate actively in the future.

I've installed Fedora 12 with apache httpd-2.2.13-4.fc12.i686. I've configured httpd for client-side certificate authentication.

Once authenticated, I have the following CGI environment variables:

   SSL_CLIENT_S_DN = /O=<organization>/CN=DONNAN David/emailAddress=david.donnan@<company>.com/UID=T1234567

   SSL_CLIENT_S_DN_CN = DONNAN David

   SSL_CLIENT_S_DN_Email = david.donnan@<company>.com

   SSL_CLIENT_S_DN_O = <organization>

   ...

However, the following variable is not instantiated:

   SSL_CLIENT_S_DN_UID

Note that it does appear, in fact, in SSL_CLIENT_S_DN (at the end)!!

Q1. Can anyone help me instantiate this variable? Is there further Apache HTTPD configuration to be done?

Notes:

1. Last summer I thought the problem was related to the following BUG and so I put this project on hold:

   https://issues.apache.org/bugzilla/show_bug.cgi?id=45107

That is why I've waited for Fedora 12, where they say the above BUG is fixed.

2. In the past I've had a similar problem with OpenSSL, where I had to manually change openssl.cnf as follows:

   [ new_oids ]

   # We can add new OIDs in here for use by 'ca' and 'req'.
   # Add a simple OID like this:
   # testoid1=1.2.3.4
   # Or use config file substitution like this:
   # testoid2=${testoid1}.5.6
   # Following line added by DD Summer 2007
   uid=0.9.2342.19200300.100.1.1

Reference: http://www.openldap.org/lists/openldap-software/200309/msg00422.html
BIG thanks to Jeff Warnica for the OpenSSL solution.

Q2. Is this related, perhaps?

3. /etc/httpd/conf.d/ssl.conf

   Listen 0.0.0.0:443
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
   SSLPassPhraseDialog  builtin
   SSLSessionCache        none
   SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
   SSLSessionCacheTimeout  20
   # SSLMutex  file:logs/ssl_mutex
   SSLMutex  default
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin
   SSLCryptoDevice builtin
   <VirtualHost _default_:443>
   ErrorLog logs/ssl_error_log
   TransferLog logs/ssl_access_log
   SSLEngine on
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
   SSLCertificateFile /etc/httpd/conf/<hostname>.pem
   SSLCertificateKeyFile  /etc/httpd/conf/<hostname>.key
   # SSLCACertificateFile /etc/httpd/conf/ca.pem
   SSLCACertificateFile /etc/httpd/conf/<name>.pem
   SSLVerifyClient require
   SSLVerifyDepth  10
   # SSLUserName SSL_CLIENT_S_DN_Email
   SSLUserName SSL_CLIENT_S_DN
   # SSLUserName SSL_CLIENT_S_DN_CN
   # SSLUserName SSL_CLIENT_S_DN_UID
   # SSLUserName SSL_CLIENT_S_DN_NID_userId
   <Files ~ "\.(cgi|shtml|phtml|php3?)$">
       SSLOptions +StdEnvVars
   </Files>
   <Directory "/var/www/cgi-bin">
       SSLOptions +StdEnvVars
   </Directory>
   SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
   CustomLog logs/ssl_request_log \
             "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
   </VirtualHost>

4. test.cgi

   #!/usr/bin/perl
   use strict;
   use warnings;
   use CGI;   # CGI::escapeHTML, so certificate fields cannot inject markup into the page

   print "Content-type: text/html\n\n";
   print "<tt>\n";
   # Dump every CGI environment variable, including the SSL_CLIENT_* ones set by mod_ssl
   foreach my $key (sort keys(%ENV)) {
      print CGI::escapeHTML($key), " = ", CGI::escapeHTML($ENV{$key}), "<p>\n";
   }
   print "</tt>\n";


Any help would be greatly appreciated, thanks, Dave
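As an added illustration (not part of the original mail, and not code from Dave or the httpd project), here is how a CGI can obtain the UID while SSL_CLIENT_S_DN_UID is missing: prefer the dedicated variable when mod_ssl sets it, otherwise parse the legacy slash-separated SSL_CLIENT_S_DN that mod_ssl 2.2 emits, and treat anything that does not parse cleanly as "no UID" rather than guessing. It is written in Python rather than the Perl of test.cgi so it can be run directly; the set of attribute names used as split points (KNOWN_ATTRS), the sample environments, and the DN values are my own assumptions and constructed examples. The legacy format does not escape "/" or "=" inside values, so the parser only splits at "/NAME=" where NAME is a known attribute type; a value that itself contains "/CN=" or similar cannot be disambiguated in this format (mod_ssl 2.4 switched SSL_CLIENT_S_DN to the RFC 2253 comma-separated form unless SSLOptions +LegacyDNStringFormat is set, and this parser does not handle that form). The SSL_CLIENT_VERIFY check is defence in depth: with SSLVerifyClient require the script is never reached without a verified certificate, but the check keeps the script safe if the directive is later relaxed to optional.

```python
import re
from typing import Dict, List, Optional, Tuple

# Attribute types that may appear in the legacy "/X=value" DN string. Only a
# "/" followed by one of these names and "=" is treated as an RDN boundary;
# any other "/" is kept as part of the preceding value.  (Assumed list.)
KNOWN_ATTRS = {
    "C", "ST", "L", "O", "OU", "CN", "T", "I", "G", "S", "D",
    "UID", "emailAddress", "Email",
}

_ATTR_RE = re.compile(r"/([A-Za-z][A-Za-z0-9.]*)=")


def parse_legacy_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a mod_ssl 2.2 style DN ("/O=Org/CN=Name/UID=x") into (attr, value)
    pairs in order.  Raises ValueError for anything that does not parse
    unambiguously, so callers fail closed instead of using a half-parsed DN."""
    if not dn.startswith("/"):
        raise ValueError("legacy DN must start with '/'")
    # Candidate boundaries are every "/NAME=" whose NAME is a known attribute.
    marks = [m for m in _ATTR_RE.finditer(dn) if m.group(1) in KNOWN_ATTRS]
    if not marks or marks[0].start() != 0:
        raise ValueError("DN does not start with a known attribute")
    rdns: List[Tuple[str, str]] = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(dn)
        value = dn[m.end():end]
        if value == "":
            raise ValueError(f"empty value for {m.group(1)}")
        rdns.append((m.group(1), value))
    return rdns


def dn_attribute(dn: str, attr: str) -> Optional[str]:
    """Return the single value of `attr` in `dn`, None if it is absent.
    A repeated attribute is rejected: a DN with two UIDs must not silently
    resolve to either of them."""
    values = [v for a, v in parse_legacy_dn(dn) if a == attr]
    if len(values) > 1:
        raise ValueError(f"{attr} appears {len(values)} times in DN")
    return values[0] if values else None


def client_uid(environ: Dict[str, str]) -> Optional[str]:
    """UID of the verified client certificate, or None when there is none.

    Order of preference: the dedicated SSL_CLIENT_S_DN_UID variable if mod_ssl
    populated it, else the UID component parsed out of SSL_CLIENT_S_DN."""
    # Only trust the DN variables when mod_ssl reports a successful verify.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    uid = environ.get("SSL_CLIENT_S_DN_UID")
    if uid:
        return uid
    dn = environ.get("SSL_CLIENT_S_DN")
    if not dn:
        return None
    try:
        return dn_attribute(dn, "UID")
    except ValueError:
        # Malformed or ambiguous DN: fail closed rather than guess.
        return None


# Constructed CGI environments mirroring the variables from the mail; the DN
# values are placeholders, not real certificate data.
ENV_NO_UID_VAR = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/O=<organization>/CN=DONNAN David"
                       "/emailAddress=david.donnan@<company>.com/UID=T1234567",
    "SSL_CLIENT_S_DN_CN": "DONNAN David",
}
ENV_WITH_UID_VAR = dict(ENV_NO_UID_VAR, SSL_CLIENT_S_DN_UID="T7654321")
ENV_NOT_VERIFIED = {k: v for k, v in ENV_NO_UID_VAR.items() if k != "SSL_CLIENT_VERIFY"}

if __name__ == "__main__":
    for name, env in (("no UID var", ENV_NO_UID_VAR),
                      ("UID var set", ENV_WITH_UID_VAR),
                      ("not verified", ENV_NOT_VERIFIED)):
        print(f"{name:12s} -> {client_uid(env)!r}")
```

Inside a real CGI the environment would come from os.environ instead of the constructed dictionaries; everything else stays the same.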