DON'T SEND ME THIS CRAP THANKS
-------------- Original message from Michael Ströder <[EMAIL PROTECTED]>: --------------


> Joe,
>
> many thanks for your response.
>
> Joe Orton wrote:
> > On Mon, May 19, 2008 at 10:13:45AM +0200, Michael Ströder wrote:
> >>
> >> Maybe I'm overlooking the obvious but it seems that env var
> >> SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication.
> >>
> >> The following env vars displayed in my SSI HTML text are relevant here
> >> (obfuscated to protect privacy):
> >>
> >> SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name
> >> SSL_CLIENT_S_DN_UID: (none)
> >>
> >> Is it caused by UID not being the leaf RDN?
> >
> > That shouldn't make any difference.
>
> Ok, fine.
>
> > What versions of OpenSSL and httpd/mod_ssl are you using?
>
> Actually pre-built RPMs shipped with openSUSE 10.3:
>
> # rpm -q openssl apache2
> openssl-0.9.8e-45.5
> apache2-2.2.4-70.4
>
> Not sure whether these RPMs are based on sources patched by openSUSE.
>
> > The "UID" DN tag is ambiguous and probably
> > maps to something other than what your subject DN uses.
> >
> > In the current 2.x mod_ssl sources, UID maps to:
> >
> > #ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
> > { "UID", NID_x500UniqueIdentifier },
> > #else /* old name, OpenSSL < 0.9.7 */
> > { "UID", NID_uniqueIdentifier },
> > #endif
>
> Hmm, the user ID is already stored by mod_ssl with attribute name "UID"
> in env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the
> attribute type seems to be interpreted as UID is it safe to assume that
> the cert contains the right OID?
>
> If NID_x500UniqueIdentifier maps to OID 2.5.4.45 it's plain wrong anyway...
>
> Ciao, Michael.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager [EMAIL PROTECTED]
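
Added example, not part of the original messages and not mod_ssl code: a small Python model of the mismatch discussed above, using a constructed DER subject in which the user ID is stored under userId (0.9.2342.19200300.100.1.1), the attribute OpenSSL's object table gives the short name "UID". The names `OPENSSL_SN`, `MODSSL_TAG`, `SAMPLE_SUBJECT`, `parse_name` and `env_vars` are hypothetical, and the certificate contents are an assumption.

```python
# Added example: models the lookup discussed in the thread; it is not mod_ssl code.
# OID -> OpenSSL short name for the attribute types in the sample subject.
OPENSSL_SN = {"2.5.4.10": "O", "2.5.4.11": "OU", "2.5.4.3": "CN",
              "0.9.2342.19200300.100.1.1": "UID",   # userId
              "2.5.4.45": "x500UniqueIdentifier"}
# Tag -> OID, following the table quoted in the thread ("UID" -> x500UniqueIdentifier).
MODSSL_TAG = {"O": "2.5.4.10", "OU": "2.5.4.11", "CN": "2.5.4.3", "UID": "2.5.4.45"}

# Constructed DER Name for /O=Company Name/OU=Authc/UID=userid/CN=Full name,
# with the user ID stored under userId (assumption about the certificate).
SAMPLE_SUBJECT = bytes.fromhex(
    "3053"
    "3115 3013 0603 55040a 0c0c 436f6d70616e79204e616d65"
    "310e 300c 0603 55040b 0c05 4175746863"
    "3116 3014 060a 0992268993f22c640101 0c06 757365726964"
    "3112 3010 0603 550403 0c09 46756c6c206e616d65"
)

def dec_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def read_tlvs(buf):
    """Yield (tag, value) pairs; short-form DER lengths only (enough for the sample)."""
    i = 0
    while i < len(buf):
        length = buf[i + 1]
        if length & 0x80:
            raise ValueError("long-form length not supported in this sketch")
        yield buf[i], buf[i + 2:i + 2 + length]
        i += 2 + length

def parse_name(der):
    """Return [(oid, value), ...] from SEQUENCE OF SET OF SEQUENCE {OID, string}."""
    (_, rdns), = read_tlvs(der)
    atvs = [atv for _, rdn in read_tlvs(rdns) for _, atv in read_tlvs(rdn)]
    return [(dec_oid(o), v.decode()) for (_, o), (_, v) in map(read_tlvs, atvs)]

def env_vars(der):
    """One-line DN uses OpenSSL short names; per-tag variables use MODSSL_TAG."""
    attrs = parse_name(der)
    env = {"SSL_CLIENT_S_DN": "".join(f"/{OPENSSL_SN.get(o, o)}={v}" for o, v in attrs)}
    for tag, oid in MODSSL_TAG.items():
        env["SSL_CLIENT_S_DN_" + tag] = next((v for o, v in attrs if o == oid), None)
    return env
```

For this sample the one-line DN shows `UID=userid` while the `SSL_CLIENT_S_DN_UID` lookup finds nothing, because the two use different OIDs for the same label; `parse_name` shows which OID a subject actually carries.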
