On Sat, Jul 11, 2015 at 04:40:20PM +0200, Kaspar Brand wrote:
> On 29.06.2015 15:14, Jan Pazdziora wrote:
> > How about just passing char * and doing all the mapping logic
> > including possible OBJ_create in parse_otherName_value? My goal here
> > is to have all the "hard" work of determining the semantics isolated
> > in one place.
> >
> > Please see patch attached.
>
> You're right, an ASN1_OBJECT * as an argument for modssl_X509_getSAN
> makes handling of otherName entries relatively awkward. In the attached
> patch, I have switched to a string for specifying the requested
> otherName form (similar to what you did in your patch).
>
> OBJ_create adds new entries to a process-wide table, so instead of
> checking for the presence of a specific entry at each request (in
> parse_otherName_value), I consider it more appropriate and efficient to
> do this only once, in ssl_init_Module.
>
> Barring feedback against this approach (or the observation of bugs in
> the implementation), I intend to commit it to trunk in the next few days
> (including mod_ssl.xml changes and a CHANGES item).

I've tried your patch and it works fine for me. So I'm happy with
your plan of committing it to trunk. ;-)

Thank you!

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
