Re: [squid-dev] [PATCH] support custom OIDs in *_cert ACLs

2015-05-28 Thread Tsantilas Christos

If there is not any objection I will apply this patch to trunk.

On 05/26/2015 12:00 PM, Tsantilas Christos wrote:

> Hi all,
>
> This patch allows user_cert and ca_cert ACLs to match arbitrary
> stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For
> example, it should be able to match certificates that have
> 1.3.6.1.4.1.1814.3.1.14 OID in the certificate Subject or Issuer field.
> Squid configuration would look like this:
>
>   acl User_Cert-TrustedCustomerNum user_cert 1.3.6.1.4.1.1814.3.1.14 1001
>
> This is a Measurement Factory project


___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev





Re: [squid-dev] [PATCH] support custom OIDs in *_cert ACLs

2015-05-26 Thread Amos Jeffries
On 26/05/2015 9:00 p.m., Tsantilas Christos wrote:
> Hi all,
>
> This patch allows user_cert and ca_cert ACLs to match arbitrary
> stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For
> example, it should be able to match certificates that have
> 1.3.6.1.4.1.1814.3.1.14 OID in the certificate Subject or Issuer field.
> Squid configuration would look like this:
>
>   acl User_Cert-TrustedCustomerNum user_cert 1.3.6.1.4.1.1814.3.1.14 1001
>
> This is a Measurement Factory project

+1 anyway.

Don't like the extra leak-ish part though. Does TidyPointer make sense there?

Amos



Re: [squid-dev] [PATCH] support custom OIDs in *_cert ACLs

2015-05-26 Thread Tsantilas Christos

On 05/26/2015 12:10 PM, Amos Jeffries wrote:

> On 26/05/2015 9:00 p.m., Tsantilas Christos wrote:
>
>> Hi all,
>>
>> This patch allows user_cert and ca_cert ACLs to match arbitrary
>> stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For
>> example, it should be able to match certificates that have
>> 1.3.6.1.4.1.1814.3.1.14 OID in the certificate Subject or Issuer field.
>> Squid configuration would look like this:
>>
>>   acl User_Cert-TrustedCustomerNum user_cert 1.3.6.1.4.1.1814.3.1.14 1001
>>
>> This is a Measurement Factory project
>
> +1 anyway.
>
> Don't like the extra leak-ish part though. Does TidyPointer make sense there?

No.
It is not a memory leak.
The OBJ_create just adds the OID to the internal OpenSSL database of valid
fields. Even if the OID is not used after a reconfigure, it still remains
in this database. This is not a real problem unless someone adds some
thousands of these OIDs.

But I do not believe that this is a real problem...

> Amos





Re: [squid-dev] [PATCH] support custom OIDs in *_cert ACLs

2015-05-26 Thread Amos Jeffries
On 26/05/2015 9:26 p.m., Tsantilas Christos wrote:
> On 05/26/2015 12:10 PM, Amos Jeffries wrote:
>> On 26/05/2015 9:00 p.m., Tsantilas Christos wrote:
>>> Hi all,
>>>
>>> This patch allows user_cert and ca_cert ACLs to match arbitrary
>>> stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For
>>> example, it should be able to match certificates that have
>>> 1.3.6.1.4.1.1814.3.1.14 OID in the certificate Subject or Issuer field.
>>> Squid configuration would look like this:
>>>
>>>   acl User_Cert-TrustedCustomerNum user_cert 1.3.6.1.4.1.1814.3.1.14 1001
>>>
>>> This is a Measurement Factory project
>>
>> +1 anyway.
>>
>> Don't like the extra leak-ish part though. Does TidyPointer make sense
>> there?
>
> No.
> It is not a memory leak.
> The OBJ_create just adds the OID to the internal OpenSSL database of valid
> fields. Even if the OID is not used after a reconfigure, it still remains
> in this database. This is not a real problem unless someone adds some
> thousands of these OIDs.
> But I do not believe that this is a real problem...

Ah, okay. No problem then. This can go in whenever you wish.

Amos
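
The matching this thread describes, a stand-alone OID attribute in a certificate Subject or Issuer compared against a configured value, shown at the DER level as an added example (not code from the patch, Squid or OpenSSL). The function names, the exact-string comparison and the constructed sample Subject are assumptions made for illustration.

```python
# Added example, not Squid or OpenSSL code. Assumes single-byte tags and UTF-8/ASCII values.
def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets that follow
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield (tag, value_bytes) for each nested element
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def oid_to_dotted(body):
    """Decode OBJECT IDENTIFIER content octets (base-128 arcs) to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(acc)
            acc = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def name_attr_matches(name_der, dotted_oid, wanted):
    """True if the Name holds an attribute of type dotted_oid whose value equals wanted."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    for _, rdn in children(rdns):          # each RDN is a SET of attributes
        for _, atv in children(rdn):       # SEQUENCE { type OID, value }
            (t_tag, oid), (_, val) = list(children(atv))[:2]
            if t_tag == 0x06 and oid_to_dotted(oid) == dotted_oid \
                    and val.decode("utf-8", "replace") == wanted:
                return True
    return False

# Constructed sample Subject: CN=alice, 1.3.6.1.4.1.1814.3.1.14=1001
SAMPLE_SUBJECT = bytes.fromhex("3026310e300c06035504030c05616c696365"
                               "31143012060a2b060104018e1603010e0c0431303031")
```

With the sample Subject, the OID and value from the `acl` line above match, while a different value or a truncated Name does not.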
