Hi Ralf,
I have been happily using mod_ssl for quite a while now. Currently I'm
migrating some Netscape Enterprise 3.x applications, I wrote some time
ago, over to Apache + mod_ssl + mod_jserv.
My work has involved your 2.1 beta code because my client certificates
include proprietary extensions so I need the B64 client cert to be
passed to the request handlers.
This week I started migrating another NES 3.x application that uses the
client cert to userid mapping functionality present in NES 3.x As you
probably know, the server extracts the contents of the OID
'0 9 2342 19200300 100 1 1' and if other elements of the DN match some
rules then sets the REMOTE_USER variable to the contents of the extension.
The rule matching part can be easily done with SSLRequire
directive, however getting the value of OID '0 9 2342 19200300 100 1 1'
is a bit more complex because it does not appear in the list
SSLeay-0.9.0b/crypto/objects/objects.h.
Because fo time constraints, I'm hacking my own mod_ to do the work by
reading the stuff directly from the cert. I'm planning to ask the SSLeay
guys if this OID can be supported in their distribution.
My question is if you think a similar functionalitiy could be included
in mod_ssl maybe with LDAP support as described somewhere in the
wishlist.
HAPPY BIRTHDAY RALF! thanks for the great work.
Cheers
e.
===============================================================================
Enrico Badella email: [EMAIL PROTECTED]
Soft*Star srl [EMAIL PROTECTED]
InterNetworking Specialists tel: +39-11-746092
Via Camburzano 9 fax: +39-11-746487
10143 Torino, Italy
Wanted, for hobbist use, any type of PDP and microVAX hardware,software,
manuals,schematics,etc. and DEC-10 docs or manuals
===============================================================================
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
