Joe Orton wrote:
> On Fri, May 23, 2008 at 04:46:48PM +0200, Michael Ströder wrote:
>> Hmm, the user ID is already stored by mod_ssl with attribute name "UID" in env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the attribute type seems to be interpreted as UID is it safe to assume that the cert contains the right OID?
>
> No, unfortunately there is disparity between mod_ssl and OpenSSL here. (I don't know why; I think historically the short name mappings were not unique in OpenSSL possibly, something like that)

Hmmpf! So the string representation of SSL_CLIENT_S_DN is completely generated by OpenSSL whereas the single attribute types are generated by mod_ssl by looking at the cert's OID?

>> If NID_x500UniqueIdentifier maps to OID 2.5.4.45 it's plain wrong anyway...
>
> It does indeed map to that OID... wrong in what sense?

Because the syntax assigned to attribute type 'x500UniqueIdentifier' (OID 2.5.4.45) is 'Bit String' (OID 1.3.6.1.4.1.1466.115.121.1.6) which cannot be used to store a user ID with characters like 'ABCDEF'.

http://www.alvestrand.no/objectid/2.5.4.45.html

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
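
Added example, not part of the thread and not mod_ssl or OpenSSL code: standard-library Python that reads a DER-encoded subject Name and reports whether a user ID is stored under userId (0.9.2342.19200300.100.1.1, the directory-string attribute) or under x500UniqueIdentifier (2.5.4.45), and whether its value is really a BIT STRING. The function names and both sample Names are constructed for illustration.

```python
# Added example (not from the thread): which OID carries the user ID in a subject Name?
OID_USERID = "0.9.2342.19200300.100.1.1"  # userId/uid, a directory-string attribute
OID_X500_UNIQUE_ID = "2.5.4.45"           # x500UniqueIdentifier, Bit String syntax
TAG_SEQUENCE, TAG_BIT_STRING = 0x30, 0x03

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # yields (tag, value) for every DER element packed inside buf
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def decode_oid(body):
    """Turn the content bytes of an OBJECT IDENTIFIER into dotted notation."""
    arcs, acc = [], 0
    for byte in body:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends one base-128 arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)         # first two arcs share one sub-identifier
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def uid_attributes(der_name):
    """List (oid, value_is_bit_string, raw_value) for each user-ID style attribute."""
    tag, rdns, _ = read_tlv(der_name, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("Name must be a SEQUENCE of RDNs")
    found = []
    for _, rdn in children(rdns):         # each RDN is a SET of type/value pairs
        for _, atv in children(rdn):
            (_, oid_body), (value_tag, value) = children(atv)
            oid = decode_oid(oid_body)
            if oid in (OID_USERID, OID_X500_UNIQUE_ID):
                found.append((oid, value_tag == TAG_BIT_STRING, value))
    return found

# Constructed DER Names: CN=Test User + userId=ABCDEF; then 2.5.4.45 holding UTF8String "ABCDEF".
NAME_USERID = bytes.fromhex("302c311230100603550403" "0c09546573742055736572"
                            "31163014060a0992268993f22c640101" "0c06414243444546")
NAME_UNIQUE_ID = bytes.fromhex("3011310f300d060355042d0c06414243444546")
```

An entry for 2.5.4.45 whose second field is False is the case objected to in the thread: text stored under an attribute whose syntax is Bit String.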