https://issues.apache.org/bugzilla/show_bug.cgi?id=45875
Willy Weisz <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #15 from Willy Weisz <[email protected]> 2011-02-15 11:45:41 EST --- (In reply to comment #14) > SSL_CLIENT_S_DN_OU UniVie > SSL_CLIENT_S_DN_OU_1 VCPC > > How is that "in error"? That is exactly as described and expected: > > "When the environment table is populated using the StdEnvVars option of the > SSLOptions directive, the first (or only) attribute of any DN is added only > under a non-suffixed name; i.e. no _0 suffixed entries are added." > > Populating the env table with duplicate _0 entries is unnecessary - the code > has never worked that way so there can be no expectation that it should. You > can use the _0 names if accessing the variables directly through the C > ssl_var_lookup API (or Perl equivalent). Your new description reads: -- suffix. If the DN in question contains multiple attributes of the +same name, this suffix is used as a zero-based index to select a +particular attribute. For example, where the server certificate +subject DN included two OU attributes, <code>SSL_SERVER_S_DN_OU_0</code> +and +<code>SSL_SERVER_S_DN_OU_1</code> could be used to reference each. A +variable name without a <code>_n</code> suffix is equivalent to that +name with a <code>_0</code> suffix; the first (or only) attribute. +When the environment table is populated using +the <code>StdEnvVars</code> option of +the <code class="directive"><a href="#ssloptions">SSLOptions</a></code> directive, the +first (or only) attribute of any DN is added only under a non-suffixed +name; i.e. no <code>_0</code> suffixed entries are added.</p> -- The normal understanding of the last sentence in its context is that only when StdEnvVars is set the xxx_0 entry is omitted in the environment table, whereas you mean that in the environment table, which is only created when StdEnvVars is set, it is always omitted. I therefore suggest to rephrase the text to read: "Nevertheless, in the environment table, created as a result of using the <code>StdEnvVars</code> option of the <code class="directive"><a href="#ssloptions">SSLOptions</a></code> directive, the first (or only) attribute of any DN is added only under a non-suffixed name; i.e. no <code>_0</code> suffixed entries are added.</p>". Concerning your statement "the code has never worked that way so there can be no expectation that it should", let me remind you that the code didn't work "that way" nor any other way according to the specification stated in the original 2.2 documentation before I opened this bug report and submitted a first - be it very inefficient - patch. With the new definition you give in the patched documentation you partly redefined the original specification to suit your code. And you justify this approach by claiming that the xxx_0 entry is unnecessary. I strongly object to your argument: Having an environment entry with index 0 helps streamlining scripts retrieving environment variables through apr_table_get() directly or indirectly (e.g. the PHP function apache_getenv()) to a large extent. The little bit of redundancy overhead introduced by adding the index-zero entry is by far outweighed by the improved ease of writing scripts analysing the certificate entries with loops running through the whole array, and not having to single out the first entry of the array. If you think that my objection to your after-the-code specification should be started in a new bugzilla entry, I'll do that. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
