On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
> Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute type
> 'uid' specified for pilotPerson). That seems right to me since it's
> compliant with RFC 4514 which contains a table of short and long attribute
> type names and their OIDs (end of chapter 3).
>
> But now I don't understand the #ifdef-statement mentioned above. From my
> understanding it MUST NOT reference NID_x500UniqueIdentifier. It MUST
> reference NID_userId. To me that looks clearly like a bug in mod_ssl.
Changing it would break backwards-compat which is why the #ifdef is there
(so that the _UID variable refers to the same OID regardless of what
OpenSSL version is in use). But I don't disagree that it was wrong in the
first place.

I vaguely recall discussing this somewhere before and deciding we needed an
extra _UserID-like variable so people can get the (commoner)
pilotPerson-type uid attribute out of the DN too.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
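
Added example, not part of the thread and not mod_ssl or OpenSSL code: a small DER decoder that tells which of the two "uid" attribute types a DN component carries, which is the check needed before relying on the _UID variable for access decisions. The function names and sample bytes are constructed for illustration; the OID 2.5.4.45 for x500UniqueIdentifier is not stated in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: DER content octets of an attribute-type OID
   (the 0x06 tag and the length byte are already stripped). */
const unsigned char SAMPLE_PILOT_UID[] = {0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01};
const unsigned char SAMPLE_X500_UID[]  = {0x55,0x04,0x2D};

/* Decode OID content octets to dotted form. Returns 0 on success,
   -1 on truncated, non-minimal, oversized or overlong input. */
int oid_to_dotted(const unsigned char *der, size_t len, char *out, size_t outlen)
{
    size_t i = 0, used = 0;
    if (len == 0 || outlen == 0) return -1;
    while (i < len) {
        unsigned long arc = 0;
        int n = 0, w;
        if (der[i] == 0x80) return -1;            /* leading zero padding */
        do {
            if (i >= len || ++n > 4) return -1;   /* cut off, or arc > 28 bits */
            arc = (arc << 7) | (der[i] & 0x7f);
        } while (der[i++] & 0x80);
        if (used == 0) {                          /* first octets pack two arcs */
            unsigned long top = arc < 40 ? 0 : arc < 80 ? 1 : 2;
            w = snprintf(out, outlen, "%lu.%lu", top, arc - top * 40);
        } else {
            w = snprintf(out + used, outlen - used, ".%lu", arc);
        }
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

/* Map the attribute-type OID to the NID name used in the thread. */
const char *uid_attr_kind(const unsigned char *der, size_t len)
{
    char dotted[64];
    if (oid_to_dotted(der, len, dotted, sizeof dotted) != 0) return "malformed";
    if (strcmp(dotted, "0.9.2342.19200300.100.1.1") == 0) return "NID_userId";
    if (strcmp(dotted, "2.5.4.45") == 0) return "NID_x500UniqueIdentifier";
    return "other";
}

int main(void)
{
    printf("%s\n", uid_attr_kind(SAMPLE_PILOT_UID, sizeof SAMPLE_PILOT_UID));
    printf("%s\n", uid_attr_kind(SAMPLE_X500_UID, sizeof SAMPLE_X500_UID));
    return 0;
}
```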