On Fri, Jul 22, 2005 at 11:12:07AM +0100, Joe Orton wrote:
> On Wed, Jul 20, 2005 at 04:42:59PM -0000, Martin Kraemer wrote:
> > Author: martin
> > Date: Wed Jul 20 09:42:58 2005
> > New Revision: 219940
> >
> > URL: http://svn.apache.org/viewcvs?rev=219940&view=rev
> > Log:
> > Collaborative work: (Thanks, dreid!)
> > Implement OID checking for mod_ssl. This code allows for checking of
> > arbitrary client certificate extensions by OID, in a syntax like:
> >   SSLRequire "BaDCA Generated Certificate" in Oid("2.16.840.1.113730.1.13") \
> >           || "committers" in Oid("1.3.6.1.4.1.18060.1")
> > Note the following:
> > * A given OID can occur multiple times in one cert, with different values.
> >   Therefore the OID function compares the left-hand string against each of
> >   the OID values, until a complete match is found. If none matches, the
> >   result is FALSE
> > * The left hand side can be another expression, so can be a reference to a
> >   variable or a file() invocation etc.
> > * The OID is also just a reference to a string, or function, or whatever.
> > * My manual description is very short. Someone else please help improve the
> >   description

and since I can't update to fix (2) myself, here's another...

3) oid() is a terrible name for this; it's simply the type of the parameter. It would be like calling malloc() "size()". The function expands (conceptually) to the values of an extension in the peer's certificate, identified by OID; so call it peerext() or something meaningful like that.
