https://bz.apache.org/bugzilla/show_bug.cgi?id=57949
Bug ID: 57949
Summary: new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Product: Apache httpd-2
Version: 2.4.12
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Created attachment 32755
--> https://bz.apache.org/bugzilla/attachment.cgi?id=32755&action=edit
patch
Hi,
I've created a new environment variable in order to test for an extended key
usage in a certificate, like clientAuth on a client certificate
authentication for instance. This variable can then be used in a Require
directive as follows:
Require expr %{SSL_CLIENT_EXT_KEYUSAGE_clientAuth} == "true"
The format of the variable name is as follows:
SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Where purpose is either a shortname (serverAuth, clientAuth etc.) or an OID.
Shortnames are case insensitive and '.' in an OID must be replaced with '_'.
Here are some valid examples:
SSL_CLIENT_EXT_KEYUSAGE_clientAuth
SSL_SERVER_EXT_KEYUSAGE_SERVERAUTH
SSL_CLIENT_EXT_KEYUSAGE_1_3_6_1_5_5_7_3_2
We may improve the comparison of OIDs by checking each number one by one instead
of converting both var (replace '_' by '.') and obj (convert into char*) and doing
a strcmp. But I'm not sure if OpenSSL offers another way to get the OID other than
OBJ_obj2txt().
We may also add the export of all the purposes as variables when +StdEnvVars is
set in SSLOptions.
Please feel free to give me any feedback about code, patch, documentation
etc...
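The naming rule in the report above (a case-insensitive short name, or an OID with '.' written as '_') together with the number-by-number OID comparison it proposes, as an added example that is not the attached patch or mod_ssl code. It assumes the certificate's EKU OIDs are already available as dotted strings; eku_var_lookup, oid_arcs_equal and the short-name table are hypothetical names.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* A few standard EKU purposes (RFC 5280) and their OIDs; table is illustrative. */
static const struct { const char *sn, *oid; } eku_names[] = {
    { "serverAuth", "1.3.6.1.5.5.7.3.1" }, { "clientAuth", "1.3.6.1.5.5.7.3.2" },
    { "codeSigning", "1.3.6.1.5.5.7.3.3" }, { "emailProtection", "1.3.6.1.5.5.7.3.4" },
};

/* Compare an OID spelled with '_' (from the variable name) to a dotted OID, arc by arc. */
static int oid_arcs_equal(const char *var, const char *dotted)
{
    for (;;) {
        char *ev, *ed;
        if (!isdigit((unsigned char)*var) || !isdigit((unsigned char)*dotted))
            return 0;                          /* empty or non-numeric arc */
        errno = 0;
        if (strtoul(var, &ev, 10) != strtoul(dotted, &ed, 10) || errno == ERANGE)
            return 0;                          /* arcs differ or overflowed */
        if (*ev == '\0' || *ed == '\0')
            return *ev == '\0' && *ed == '\0'; /* both must end together */
        if (*ev != '_' || *ed != '.') return 0;
        var = ev + 1; dotted = ed + 1;
    }
}

/* Hypothetical helper: 1 = purpose is in cert_ekus, 0 = it is not, -1 = bad variable name. */
int eku_var_lookup(const char *var, const char *const *cert_ekus, size_t n)
{
    size_t i, k;
    if (strncmp(var, "SSL_CLIENT_EXT_KEYUSAGE_", 24) != 0 &&
        strncmp(var, "SSL_SERVER_EXT_KEYUSAGE_", 24) != 0)
        return -1;
    var += 24;                                 /* now points at "purpose" */
    for (k = 0; k < sizeof eku_names / sizeof eku_names[0]; k++) {
        if (strcasecmp(var, eku_names[k].sn) != 0) continue; /* short names ignore case */
        for (i = 0; i < n; i++)
            if (strcmp(cert_ekus[i], eku_names[k].oid) == 0) return 1;
        return 0;
    }
    if (!isdigit((unsigned char)*var)) return -1;  /* unknown short name */
    for (i = 0; i < n; i++)
        if (oid_arcs_equal(var, cert_ekus[i])) return 1;
    return 0;
}
```

A malformed OID suffix such as a doubled '_' simply fails to match and yields 0, so an access rule built on this check fails closed.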