I made a patch to ssl_engine_kernel.c in Apache 1.3.6 + mod_ssl-2.2.8-1.3.6
+ openssl-0.9.2b.tar.gz for verifying client certificate status with an LDAPv2
directory during client authentication, using the OCSP API made by Tom Titchener
for OpenSSL.
The function searches LDAP for the client certificate, by e-mail, and I assumed
that if the cert is found in LDAP the status is 'good' (right just for our
internal use); otherwise it is 'revoked' or 'unauthorized'. It adds an env var
containing the cert status.

I attach a diff file to apply the patch with the 'patch' command:

patch -p1 original_file cert_status_patch.diff

Hope it is useful to somebody; I accept any criticism or suggestions.

Andrea


cert_status_patch.diff.tar.gz
