Oliver Graute wrote:
> Hello,
>
> I'm using the following x509v3 extensions in my client certificate.
>
> [ x509v3 ]
> basicConstraints = critical,CA:FALSE
> nsCertType = client
> keyUsage = digitalSignature,nonRepudiation,keyEncipherment
> extendedKeyUsage = clientAuth, serverAuth, emailProtection
> keyUsage = critical,digitalSignature
> subjectKeyIdentifier = hash
> authorityKeyIdentifier = keyid
> crlDistributionPoints = crlDistributionPoint0_sect
> 1.3.6.1.3.1.1.1 = ASN1:UTF8String:POSEUR
>
> Is it possible to export these x509v3 extensions with NSSOptions
> +StdEnvVars or any other NSSOption?
>
> Especially I need to export the "1.3.6.1.3.1.1.1 =
> ASN1:UTF8String:POSEUR" in my php environment.
>
> Is it possible to configure or patch mod_nss to achieve this? Where is
> the right place to adapt the code for this?

It isn't exported today. You have a couple of options:

1. You should have the full cert available in PHP. You could use that to pull out the extensions yourself, assuming PHP has the tools needed to parse x509 certs.

2. Tweak nss_engine_vars.c to be able to pull out generic or specific extensions. You'd want to cross-check with mod_ssl to see if there is already a "standard" for how the variables would be named. This would be much harder than #1.

I'm working on extracting a subset of SAN now but that's it.

rob
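
Option 1 from the reply above, sketched as an added example that is not part of the original thread or of mod_nss: read the custom OID out of the PEM certificate in PHP. It assumes the server exports the verified client certificate as PEM in `SSL_CLIENT_CERT`, and that `openssl_x509_parse()` returns an extension OpenSSL has no name for under its dotted OID with the raw DER value as the string; the function names and `POS_OID` are hypothetical.

```php
<?php
// Added example (not mod_nss code). Assumptions: the server exports the verified
// client cert as PEM in SSL_CLIENT_CERT, and openssl_x509_parse() returns an
// extension unknown to OpenSSL under its dotted OID as the raw DER value bytes.
const POS_OID = '1.3.6.1.3.1.1.1'; // OID from the question

/** Decode one DER UTF8String (tag 0x0C); null on anything malformed. */
function der_utf8string(string $der): ?string
{
    $n = strlen($der);
    if ($n < 2 || ord($der[0]) !== 0x0C) {
        return null; // not a UTF8String: refuse rather than guess
    }
    $len = ord($der[1]);
    $off = 2;
    if ($len & 0x80) { // long form: low 7 bits give the count of length bytes
        $nbytes = $len & 0x7F;
        if ($nbytes === 0 || $nbytes > 4 || $n < 2 + $nbytes) {
            return null;
        }
        $len = 0;
        for ($i = 0; $i < $nbytes; $i++) {
            $len = ($len << 8) | ord($der[2 + $i]);
        }
        $off = 2 + $nbytes;
    }
    if ($off + $len !== $n) {
        return null; // truncated value or trailing bytes
    }
    $text = substr($der, $off, $len);
    return preg_match('//u', $text) === 1 ? $text : null; // must be valid UTF-8
}

/** Hypothetical helper: text of the custom extension in a PEM cert, or null. */
function client_cert_extension(string $pem, string $oid = POS_OID): ?string
{
    $info = openssl_x509_parse($pem);
    if ($info === false || !isset($info['extensions'][$oid])) {
        return null;
    }
    return der_utf8string($info['extensions'][$oid]);
}

// Constructed sample bytes: DER for UTF8String "POSEUR", then a bad length.
var_dump(der_utf8string("\x0C\x06POSEUR"));
var_dump(der_utf8string("\x0C\x07POSEUR"));
if (isset($_SERVER['SSL_CLIENT_CERT'])) {
    var_dump(client_cert_extension($_SERVER['SSL_CLIENT_CERT']));
}
```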
