Hi, I'm trying to validate incoming requests by comparing the request IP to the IP addresses provided in the client certificate subjectAltName.
Searching around, I found http://wiki.cacert.org/ApacheServerClientCertificateAuthentication, which gives an example using the email address: SSLRequire %{SSL_CLIENT_S_DN_Email} =~ m/^[^@]*@example\.com$/ or %{SSL_CLIENT_S_DN_Email_0} =~ m/^[^@]*@example\.com$/ or %{SSL_CLIENT_S_DN_Email_1} =~ m/^[^@]*@example\.com$/ or %{SSL_CLIENT_S_DN_Email_2} =~ m/^[^@]*@example\.com$/ or %{SSL_CLIENT_S_DN_Email_3} =~ m/^[^@]*@example\.com$/ But there 2 problems: 1. the IP addresses are not exported as a variables by mod_ssl (see https://bz.apache.org/bugzilla/show_bug.cgi?id=60456) 2. The number of IP addresses is variable, not sure how I could do the check with an expression The Apache Httpd is a frontend for a PHP and a Python application, so it would be nice to be able to do this filtering in one place instead of doing it at the applications level. Any suggestions? Thank you.
