On Wed, Jul 20, 2005 at 04:42:59PM -0000, Martin Kraemer wrote:
> Author: martin
> Date: Wed Jul 20 09:42:58 2005
> New Revision: 219940
> 
> URL: http://svn.apache.org/viewcvs?rev=219940&view=rev
> Log:
> Collaborative work: (Thanks, dreid!)
> Implement OID checking for mod_ssl. This code allows for checking of arbitrary client
> certificate extensions by OID, in a syntax like:
>    SSLRequire "BaDCA Generated Certificate" in Oid("2.16.840.1.113730.1.13") \
>           || "committers"                   in Oid("1.3.6.1.4.1.18060.1")
> Note the following:
> * A given OID can occur multiple times in one cert, with different values. Therefore
>   the OID function compares the left-hand string against each of the OID values,
>   until a complete match is found. If none matches, the result is FALSE
> * The left hand side can be another expression, so can be a reference to a variable
>   or a file() invocation etc.
> * The OID is also just a reference to a string, or function, or whatever.
> * My manual description is very short. Someone else please help improve the description

1) this is a pretty specific way to code it.  Is there no way to make 
it more general so that OID() is just a function like file() and can be 
used e.g. in regex matches too?

2) you must always check in the regenerated generated scanner source 
along with changes to the lex file.

Regards,

joe
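
The matching rule described in the quoted commit log, as an added Python model that is not part of the original thread and not mod_ssl's C code. The extension list, the "members" value, and all function names are constructed for illustration; it also shows why checking only the first occurrence of a repeated OID gives the wrong access decision.

```python
def decode_oid(der: bytes) -> str:
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    if not der or der[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for byte in der:
        value = (value << 7) | (byte & 0x7F)
        if byte & 0x80:            # continuation bit: arc spans more octets
            continue
        if not arcs:               # first subidentifier packs the first two arcs
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))

# Constructed sample: (OID content octets, decoded value) pairs standing in for
# one client certificate's extensions. The second OID occurs twice.
SAMPLE_EXTENSIONS = [
    (bytes.fromhex("6086480186f842010d"), "BaDCA Generated Certificate"),
    (bytes.fromhex("2b06010401818d0c01"), "members"),
    (bytes.fromhex("2b06010401818d0c01"), "committers"),
]

def oid_values(extensions, dotted):
    """All values carried under the given dotted OID, in certificate order."""
    return [val for oid, val in extensions if decode_oid(oid) == dotted]

def in_oid(lhs, extensions, dotted):
    """True if lhs completely equals any value of the OID, else False."""
    return any(lhs == val for val in oid_values(extensions, dotted))

def first_value_only(lhs, extensions, dotted):
    """Flawed variant for contrast: ignores repeated occurrences of the OID."""
    vals = oid_values(extensions, dotted)
    return bool(vals) and lhs == vals[0]

def ssl_require(extensions):
    """The SSLRequire expression from the commit log, evaluated on the model."""
    return (in_oid("BaDCA Generated Certificate", extensions,
                   "2.16.840.1.113730.1.13")
            or in_oid("committers", extensions, "1.3.6.1.4.1.18060.1"))
```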
