Andrei Ivanov wrote:
> Hi,
> I'm trying to configure a virtual host to perform some kind of mutual
> authentication using client certificates, performing an extra type of
> validation:
>
> <Location />
> NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> </Location>
>
> The problem at the moment seems to be that this expression is considered
> invalid :-(
>
> I've also tried with
> Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
>
> Still error :-(
>
> AH00526: Syntax error on line 174 of /etc/httpd/conf.d/nss.conf:
> Cannot parse expression in require line: syntax error, unexpected $end
>
> Is this kind of expression really not supported?
> What are my options for such an expression?
This isn't supported and I imagine the parsing engine would need to be
extended quite a bit to do so.
I don't know of a dynamic way to do this, you'd have to hardcode the SAN
list into the config.
rob
_______________________________________________
Mod_nss-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/mod_nss-list
