Hi, Somewhere between 2.0 and 2.2 mod_ssl has changed its API radically, or rather, eliminated it. I used to access the client certificate via the API as an X_509 data type and passed it to my own authentication module. As of 2.2 X_509 is no longer accessible, the only way to obtain the cert information is via standard environment variables, as described in the user's guide.
I don't mind changing my code to access the cert info via environment. This is not a problem. The problem is that the encoding information is lost. ASN.1 strings can be of type BMPString (equivalent to UCS-2) or UniversalString (UCS-4), in addition to various UTF-8 compatible formats. The environment code happily ignores this and spills (possibly escaped) bytes representing the string to the environment. There's no way to interpret these bytes without knowing which encoding they come from. The environment code uses X509_NAME_oneline(). Quoth the man page: >The functions X509_NAME_oneline() and X509_NAME_print() are legacy >functions which produce a non standard output form, they don't handle >multi character fields and have various quirks and inconsistencies. >Their use is strongly discouraged in new applications. Is there any hope this will be fixed soon? Thanks.