Re: /bzr/squid3/trunk/ r13517: Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes

2014-07-30 Thread Amos Jeffries
Hi Christos,

Can you confirm or deny for me that these %USER_CERT_* macros map to the
%ssl::>cert_* logformat codes?

Their existence is one of the outstanding issues with external_acl_type
upgrade to logformat.

Cheers
Amos

On 31/07/2014 3:31 a.m., Christos Tsantilas wrote:
> 
> revno: 13517
> committer: Christos Tsantilas 
> branch nick: trunk
> timestamp: Wed 2014-07-30 18:31:10 +0300
> message:
>   Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formatting codes
>   
> * The attribute part of the %USER_CA_CERT_xx and %CA_CERT_xx formatting codes
>   is not parsed correctly, making these formatting codes useless.
> * The %USER_CA_CERT_xx documented wrongly
> modified:
>   src/cf.data.pre
>   src/external_acl.cc
> 



Re: /bzr/squid3/trunk/ r13517: Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes

2014-07-31 Thread Tsantilas Christos

On 07/31/2014 03:35 AM, Amos Jeffries wrote:
> Hi Christos,
>
> Can you confirm or deny for me that these %USER_CERT_* macros map to the
> %ssl::>cert_* logformat codes?

Not exactly.
 - The %ssl::>cert_subject is equivalent to the %USER_CERT_DN external acl macro
 - The %ssl::>cert_issuer is equivalent to the %USER_CA_CERT_DN



> Their existence is one of the outstanding issues with external_acl_type
> upgrade to logformat.


The certificate and certificate issuer subjects are in the form:
   C=GR, ST=ATTIKI, L=Athens, O=ChTsanti, OU=Admin, CN=fortune

The %USER_CERT_* and %USER_CA_CERT_* external acl macros are designed to
return fields of the subject. For example, someone can use:

  %USER_CERT_CN or %USER_CA_CERT_O

The DN suffix means all of the subject.

The %ssl::>cert_subject and %ssl::>cert_issuer log formatting codes
return the cert and issuer subjects.
We need to support arguments in %ssl::>cert_subject and
%ssl::>cert_issuer to have similar functionality to external acl. For
example:

  %{CN}ssl::>cert_subject
  %{CN}ssl::>cert_issuer
  %{DN}ssl::>cert_subject




> Cheers
> Amos
>
> On 31/07/2014 3:31 a.m., Christos Tsantilas wrote:
> >
> > revno: 13517
> > committer: Christos Tsantilas
> > branch nick: trunk
> > timestamp: Wed 2014-07-30 18:31:10 +0300
> > message:
> >   Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formatting codes
> >
> > * The attribute part of the %USER_CA_CERT_xx and %CA_CERT_xx formatting codes
> >   is not parsed correctly, making these formatting codes useless.
> > * The %USER_CA_CERT_xx documented wrongly
> > modified:
> >   src/cf.data.pre
> >   src/external_acl.cc
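
The macro behaviour described in the reply above, as an added example that is not Squid's code and not part of the original thread: the attribute part after the `USER_CERT_` or `USER_CA_CERT_` prefix selects one field of the subject or issuer subject, and `DN` returns the whole string. The function names and the issuer string are assumptions made for illustration, and the subject is split on ", " only.

```cpp
#include <iostream>
#include <string>

const std::string kSubject = "C=GR, ST=ATTIKI, L=Athens, O=ChTsanti, OU=Admin, CN=fortune"; // from the thread
const std::string kIssuer = "C=GR, O=Example CA, CN=Example Root"; // constructed sample

// Look up one attribute in a one-line subject such as kSubject.
// Simplification: items are split on ", ", so escaped commas in values are not handled.
bool subjectAttribute(const std::string &subject, const std::string &attr, std::string &out) {
    std::string::size_type pos = 0;
    while (pos < subject.size()) {
        std::string::size_type end = subject.find(", ", pos);
        if (end == std::string::npos) end = subject.size();
        const std::string item = subject.substr(pos, end - pos);
        const std::string::size_type eq = item.find('=');
        // Compare the whole key, so that "C" never matches "CN".
        if (eq != std::string::npos && item.compare(0, eq, attr) == 0) {
            out = item.substr(eq + 1);
            return true;
        }
        pos = end + 2;
    }
    return false;
}

// Resolve a macro name (without the leading '%') against the two subjects.
// Returns false for an unknown prefix, an empty attribute part or a missing field.
bool resolveCertMacro(const std::string &macro, const std::string &subject,
                      const std::string &issuer, std::string &out) {
    const std::string caPrefix = "USER_CA_CERT_", userPrefix = "USER_CERT_";
    const std::string *source = nullptr;
    std::string attr;
    if (macro.compare(0, caPrefix.size(), caPrefix) == 0) {
        source = &issuer;
        attr = macro.substr(caPrefix.size());
    } else if (macro.compare(0, userPrefix.size(), userPrefix) == 0) {
        source = &subject;
        attr = macro.substr(userPrefix.size());
    }
    if (!source || attr.empty()) return false;
    if (attr == "DN") { out = *source; return true; }
    return subjectAttribute(*source, attr, out);
}

int main() {
    std::string out;
    if (resolveCertMacro("USER_CERT_CN", kSubject, kIssuer, out)) std::cout << out << "\n";
    if (resolveCertMacro("USER_CA_CERT_O", kSubject, kIssuer, out)) std::cout << out << "\n";
    return 0;
}
```

A helper receiving these values should treat a `false` result (field absent) as a non-match rather than as an empty string.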