Joe Orton wrote:
> On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
>> Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute type 'uid' specified for pilotPerson). That seems right to me since it's compliant with RFC 4514 which contains a table of short and long attribute type names and their OIDs (end of chapter 3).
>>
>> But now I don't understand the #ifdef-statement mentioned above. From my understanding it MUST NOT reference NID_x500UniqueIdentifier. It MUST reference NID_userId. To me that looks clearly like a bug in mod_ssl.
>
> Changing it would break backwards-compat which is why the #ifdef is there (so that the _UID variable refers to the same OID regardless of what OpenSSL version is in use).

1. I seriously doubt that there are any certs out there which use x500UniqueIdentifier in the subject-DN. If yes, then these certs are also seriously broken.

2. It's simply broken that attribute type UID in mod_ssl differs from OpenSSL here.

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
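
The mismatch discussed in this thread can be checked directly on a subject DN. The following is an added example, not code from the thread or from mod_ssl: it walks a DER-encoded Name and shows that a lookup keyed on the x500UniqueIdentifier OID (2.5.4.45) finds nothing in a subject that carries the RFC 4514 'uid' OID. The two sample names are constructed, and the helper names are hypothetical.

```python
# Added example. Both DER subject names below are constructed for illustration.
UID_RFC4514 = "0.9.2342.19200300.100.1.1"  # 'uid' (userId), RFC 4514 table
X500_UNIQUE_ID = "2.5.4.45"                # x500UniqueIdentifier

NAME_USERID = bytes.fromhex("301631143012060a0992268993f22c6401010c046a646f65")
NAME_X500UID = bytes.fromhex("300e310c300a060355042d030300abcd")

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Yield (tag, value_bytes) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        yield tag, val

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted-decimal form."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of this arc
            arcs.append(val)
            val = 0
    first = arcs[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(map(str, head + arcs[1:]))

def subject_attrs(name_der):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value }."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    return [(decode_oid(oid), value)
            for _, rdn in children(rdns)
            for _, atv in children(rdn)
            for (_, oid), (_, value) in [tuple(children(atv))]]

def lookup_uid(name_der, uid_oid):
    """Values of every subject attribute whose type equals uid_oid."""
    return [v for oid, v in subject_attrs(name_der) if oid == uid_oid]
```
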
