Michael Ströder wrote:
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute
type 'uid' specified for pilotPerson). That seems right to me since
it's compliant with RFC 4514 which contains a table of short and long
attribute type names and their OIDs (end of chapter 3).
But now I don't understand the #ifdef-statement mentioned above. From
my understanding it MUST NOT reference NID_x500UniqueIdentifier. It
MUST reference NID_userId. To me that looks clearly like a bug in
mod_ssl.
Changing it would break backwards-compat which is why the #ifdef is
there (so that the _UID variable refers to the same OID regardless of
what OpenSSL version is in use).
1. I seriously doubt that there are any certs out there which use
x500UniqueIdentifier in the subject-DN. If yes, then these certs are
also seriously broken.
2. It's simply broken that attribute type UID in mod_ssl differs from
OpenSSL here.
Please take note of this Apache issue and consider the patch attached:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45107
Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
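The mismatch discussed in this thread, as an added example that is not code from the thread, mod_ssl or OpenSSL: a minimal DER reader shows that a subject DN carrying 'uid' (0.9.2342.19200300.100.1.1) yields nothing when queried by the x500UniqueIdentifier OID. The value 2.5.4.45 for x500UniqueIdentifier is not stated in the thread, and the subject name and all helper functions are constructed for illustration.

```python
# Added illustration: minimal DER for an X.501 Name (short-form lengths only).
UID_OID = "0.9.2342.19200300.100.1.1"   # 'uid' per RFC 4514 (OpenSSL NID_userId)
X500_UNIQUE_ID_OID = "2.5.4.45"         # x500UniqueIdentifier (assumed from X.520)

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])      # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                       # last base-128 digit, no flag
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))      # earlier digits set the high bit
        out += bytes(reversed(chunk))
    return bytes(out)

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                           # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def tlv(tag, body):                                # body must be under 128 bytes
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):                            # returns (tag, body, next_pos)
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def build_name(pairs):                             # SEQUENCE of SET of SEQUENCE
    rdns = b"".join(tlv(0x31, tlv(0x30, tlv(0x06, encode_oid(o)) + tlv(0x0C, v.encode())))
                    for o, v in pairs)
    return tlv(0x30, rdns)

def parse_name(der):
    _, rdns, _ = read_tlv(der, 0)
    attrs, pos = [], 0
    while pos < len(rdns):
        _, rdn_set, pos = read_tlv(rdns, pos)
        _, atv, _ = read_tlv(rdn_set, 0)
        _, oid, nxt = read_tlv(atv, 0)
        _, val, _ = read_tlv(atv, nxt)
        attrs.append((decode_oid(oid), val.decode()))
    return attrs

def lookup(der, oid):                              # match on OID, not on a short name
    return next((v for o, v in parse_name(der) if o == oid), None)

# Constructed subject DN: CN=Example User, UID=jdoe
SUBJECT = build_name([("2.5.4.3", "Example User"), (UID_OID, "jdoe")])
```

Here `lookup(SUBJECT, UID_OID)` returns the user id, while `lookup(SUBJECT, X500_UNIQUE_ID_OID)` returns `None`, which is what an access rule keyed on the wrong attribute type would see.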