Hi!
I can solve this problem, so report about it.
The reason I can't get Client-Certificate-Chain by
using SSL_CLIENT_CERT_CHAIN_n on my CGI is maybe a BUG of
mod_ssl2.8.3-1.3.19 (I think ).
A point of "ssl_engine_vars.c" which is a source code of mod_ssl is
wrong:
pkg.sslmod/ssl_engine_vars.c
line309-312
>else if(ssl != NULL && strlen(var) > 18 && strEQn(var, "CLIENT_CERT_CHAIN_",18)){
> sk = SSL_get_peer_cert_chain(ssl);
> result = ssl_var_lookup_ssl_cert_chain(p,sk,var+17);
>}
I think
result = ssl_var_lookup_ssl_cert_chain(p,sk,var+17);
~~~~~~~
is wrong, and I corrected this line like
result = ssl_var_lookup_ssl_cert_chain(p,sk,var+18);
~~~~~~~
then I can get SSL_CLIENT_CERT_CHAIN_n on my CGI now.
I think that "var+17" is "_n"(n=0,1,2,3,..),
so a line 486 of "ssl_engine_vars.c" which is
> if(strspn(var, "0123456789") == strlen(var)){
is FALSE, and the code of line 486-492 don't be executed.
I think this is the reason I can't get SSL_CLIENT_CERT_CHAIN.
I don't make sure of this exactly, so maybe I made a mistake.
Is there anyone who try to make sure of this?
Thanks a lot
--
kentaro
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
