Daniel-Constantin Mierla wrote:
Please check if I got it right:
We can make a function ascii2str which copies the ascii string into a
static buffer (e.g. maxlen=255, I have to check if there are length
limits for certificate parameters).
$cn retrieves the certificate subject from openssl as ASCII. It then
uses ascii2str to copy it into the static buffer.
Would that mean also that in the following snippet all these tasks are
done 3 times (xlog+xlog+accounting)?
It is up to the implementation. The pseudo-variables getting the time
call time(NULL) only once per message, as well as TM module sets one
time the global transaction variable (it does not search the transaction
each time it is needed per script processing). So, you can do it each time,
or once per script processing, it is a matter of internal design and
developer's choice - recommended is to be once per script processing.
If we want to have it once per script processing, we need a static
buffer for each parameter. Given the list of possible parameters (taken
from ser's tls module) this will add 46 static buffers. Is this
something we should do or should we choose another implementation?
regards
klaus
List of possible TLS parameters:
@tls String description of the TLS layer
@tls.version Protocol version being used
@tls.desc The same as @tls
@tls.cipher Cipher name being used
@tls.cipher.bits Number of bits used for encryption
@tls.peer Peer certificate subject common name
@tls.me Local certificate subject common name
@tls.peer.subject same as @tls.peer
@tls.peer.issuer Peer certificate issuer common name
@tls.peer.verified True if peer cert has been verified
@tls.peer.version Peer/local certificate version
@tls.peer.sn Peer/local certificate number
@tls.peer.not_before Certificate validity start
@tls.peer.not_after Certificate validity end
@tls.peer.email Email address from subj alternative name
@tls.peer.host DNS name from subj alternative name
@tls.peer.uri URI from subj alternative name
@tls.peer.ip IP address from subj alternative name
@tls.peer.subj.locality locality component
@tls.peer.subj.country subject country
@tls.peer.subj.state subject state
@tls.peer.subj.organization subject organization
@tls.peer.subj.unit subject organizational unit
@tls.peer.issuer.locality locality component
@tls.peer.issuer.country issuer country
@tls.peer.issuer.state issuer state
@tls.peer.issuer.organization issuer organization
@tls.peer.issuer.unit issuer organizational unit
@tls.my.version Peer/local certificate version
@tls.my.sn Peer/local certificate number
@tls.my.not_before Certificate validity start
@tls.my.not_after Certificate validity end
@tls.my.email Email address from subj alternative name
@tls.my.host DNS name from subj alternative name
@tls.my.uri URI from subj alternative name
@tls.my.ip IP address from subj alternative name
@tls.my.subj.locality locality component
@tls.my.subj.country subject country
@tls.my.subj.state subject state
@tls.my.subj.organization subject organization
@tls.my.subj.unit subject organizational unit
@tls.my.issuer.locality locality component
@tls.my.issuer.country issuer country
@tls.my.issuer.state issuer state
@tls.my.issuer.organization issuer organization
@tls.my.issuer.unit issuer organizational unit
_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel
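
The once-per-message caching discussed in this thread, as an added C example that is not OpenSER or ser code: one table of 46 fixed 256-byte slots, each stamped with the message it was filled for, so repeated use of a parameter during one script run triggers a single lookup. All names (tls_pv_get, tls_fetch_f, demo_fetch, the numeric msg_id) are hypothetical, and rejecting values longer than 255 bytes instead of truncating them is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

#define TLS_PV_MAX 46   /* parameter count mentioned in the thread */
#define TLS_PV_BUF 256  /* maxlen=255 plus the terminating NUL */

typedef const char *(*tls_fetch_f)(int param); /* stand-in for the OpenSSL lookup */

struct tls_pv_slot {
    unsigned int msg_id; /* message the cached value belongs to (0 = none) */
    int len;             /* -1: no usable value, >= 0: cached length */
    char buf[TLS_PV_BUF];
};
static struct tls_pv_slot slots[TLS_PV_MAX];
static int fetch_calls;  /* counts real lookups */

/* Value of `param` for message `msg_id` (ids start at 1), looked up at most
 * once per message. NULL for a bad index, a missing value, or a value longer
 * than 255 bytes, which is rejected rather than truncated. */
const char *tls_pv_get(unsigned int msg_id, int param, tls_fetch_f fetch)
{
    struct tls_pv_slot *s;
    const char *v;
    size_t n;

    if (param < 0 || param >= TLS_PV_MAX || msg_id == 0) return NULL;
    s = &slots[param];
    if (s->msg_id != msg_id) { /* first use while processing this message */
        s->msg_id = msg_id;
        s->len = -1;
        fetch_calls++;
        v = fetch(param);
        if (v != NULL && (n = strlen(v)) < TLS_PV_BUF) {
            memcpy(s->buf, v, n + 1);
            s->len = (int)n;
        }
    }
    return s->len >= 0 ? s->buf : NULL;
}

/* Constructed sample data: param 0 is a peer CN, param 1 is oversized. */
static char long_val[400];
const char *demo_fetch(int param)
{
    if (param == 0) return "sip.example.org";
    if (param == 1) { memset(long_val, 'A', sizeof long_val - 1); return long_val; }
    return NULL;
}
int tls_pv_fetch_calls(void) { return fetch_calls; }
int main(void) { puts(tls_pv_get(1, 0, demo_fetch)); return 0; }
```

A truncated subject or SAN value can compare equal to a different identity, which is why the oversized case returns NULL here instead of the first 255 bytes.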