Hello Joe, Thank you very much for the exhaustive answer. Best regards, Arsen.
On Tue, 7 Aug 2007, Joe Orton wrote: > On Tue, Aug 07, 2007 at 02:25:54PM +0200, Arsen Hayrapetyan wrote: > > Hello, > > > > I am setting up client authentication with X.509 certificates. > > The client has the certificate subject DN of the following form: > > /C=XX/O=YYY/OU=ZZZ/OU=PPP/CN=TTT > > I need to catch both OUs in my perl CGI script. But when I am trying to > > get the values of OUs with the foolowing piece of code: > > > > $variable=$ENV{SSL_CLIENT_S_DN_OU}; > > print "$variable \n"; > > $variable=$ENV{SSL_CLIENT_S_DN_OU}; > > print "$variable \n"; > > > > both print statements print ZZZ (the first OU). > > > > How can I catch both OUs in my CGI script? Does mod_ssl "see" the first OU > > only? > > It has access to them all, but only exports the first. > > If you upgrade to 2.2.x, you could hack ssl_engine_kernel.c by adding: > > "SSL_CLIENT_S_DN_OU_0", > "SSL_CLIENT_S_DN_OU_1", > > to the ssl_hook_Fixup_vars[] array. This will force the first and > second OU field to be exported to CGI scripts in those named variables. > Note that this won't work with 2.0.x, which doesn't support the _N > suffix. > > > My apache version is 2.0.55. However I don't know the version of mod_ssl. > > By the way, how can I determine what version of mod_ssl module do I have? > > mod_ssl is integrated into the httpd 2.x tree, so there is no separate > "versino". > > joe > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]