On Thu, Feb 16, 2017 at 2:49 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> On Tue, Feb 14, 2017 at 1:24 PM, Andrei Ivanov <andrei.iva...@gmail.com>
> wrote:
> >
> > I'm using mod_nss exactly because mod_ssl doesn't expose that variable
> and
> > my issue that requests that is sitting ignored for 2 months now :-(
>
> Did you try something with SSLRequire or a <if> expression like
> "'<myip>' -in PeerExtList('2.5.29.17')" ?
>
> I never tested it, but since '2.5.29.17' is the OID for the
> certificate's SAN, and PeerExtList() may return the list of the inner
> strings, it could possibly work...
>
>
I gave it a try, but seems to reach the same limitation of the expression
engine :-(
NSSRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
or
Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"
AH00526: Syntax error on line 229 of /etc/httpd/conf.d/nss.conf:
Cannot parse expression in require line: syntax error, unexpected $end
>
> Regards,
> Yann.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
