>> I made a patch for Apache 1.3.6 + mod_ssl-2.2.8-1.3.6
>> + openssl-0.9.2b.tar.gz for verifying client certificate status with an
>> LDAPv2 directory during client authentication, using the OCSP API made by
>> Tom Titchener for OpenSSL.
>> The function searches LDAP for the client certificate, by e-mail, and I
>> assumed that if the cert is found in LDAP the status is 'good' (right only
>> for our internal use); otherwise it is 'revoked' or 'unknown'. It adds two
>> env vars containing the cert status and response status.
>>
>> I attach a diff file to apply the patch, with 'patch' command:
>> patch -p1 original_file cert_status_patch.diff
>>
>> Hope it is useful to somebody; I accept any criticism or suggestions.
I patched:
ssl_engine_kernel.c
ssl_engine_config.c
ssl_engine_vars.c
mod_ssl.c
mod_ssl.h

New file: mod_ldap.h
New configuration directives for Apache: httpd.conf.ldap

>
>So, in short: I think the stuff is still not ready for inclusion, but when
>you work on the above points it will be a very useful extension in the
>future.
>Thanks for your efforts.

I cleaned up the code; I'll send it to you to look over, if you're interested.

Thanks

Andrea


ldap_patch.tar.gz
