On Fri, Nov 19, 1999, Pedro Miguel Pereira Borges wrote:
> I have the following question and I would be very gratefull if
> anyone could give me a hint.
> The Mod_SSL makes available in the Apache environment some variables
> like SSL_CLIENT_S_DN_O that represent some of the fields of the client's
> certificate and the variable SSL_CLIENT_CERT that represents the whole
> certificate.
> My question is the this: is there any way to make available to
> Apache variables that represent the X.509 extensions present in the
> certificate using Mod_SSL ?
> Or that could only be possible by writing an Apache module that
> would take SSL_CLIENT_CERT and parse it to extract the extensions and create
> the respective variables ?
> Or is this impractical too ?
If you really need more ingredients of the cert, you've to parse the cert
yourself inside an additional module (you can use EAPI to fetch the SSL stuff
and then OpenSSL's API for extracting the information) or you at least have to
add some code to ssl_engine_vars.c in mod_ssl to provide such variables, too.
For how one can extract cert extensions via OpenSSL API look at function
SSL_X509_isSGC() in mod_ssl's ssl_util_ssl.c. It's not complicated if one
knows how.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
