httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45875] X509 DN components with multiple occurrence not available to apr_table_get
Date Tue, 30 Sep 2008 20:07:17 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45875





--- Comment #4 from Joe Orton <jorton@redhat.com>  2008-09-30 13:07:16 PST ---
It would be useful to do this, certainly.

The attached patch would I think almost double the cost of ssl_hook_Fixups()
with +ExportCertData because it would invoke ssl_var_lookup_ssl_cert_dn() at
least twice for each DN suffix in the Fixup_vars array, and _ssl_cert_dn()
iterates potentially over the entire X509_NAME array for each invocation -- not
cheap.

I'd really really rather see a patch to rewrite the Fixup code to instead
iterate through the X509_NAME *once* for each of the four (server, client) *
(subj, issuer) DNs, which could for each:

- check the NID against a table of the NIDs to export
- if it's one to export, do a cheap reverse lookup to get a varname suffix
- and count entries so that for multiple DNs the _N suffix gets added


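The single-pass scheme proposed in the comment above, sketched as an added example (not code from the attached patch or from mod_ssl). The DN is modelled as a plain array and the `ATTR_*` ids stand in for OpenSSL NIDs; `export_dn`, the structs, and the choice to leave the first occurrence unsuffixed and name later ones `_1`, `_2` are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins for OpenSSL NIDs and X509_NAME entries (simplified). */
enum { ATTR_C, ATTR_O, ATTR_OU, ATTR_CN, ATTR_EMAIL, ATTR_MAX };
struct dn_entry { int nid; const char *value; };
struct env_var  { char name[48]; const char *value; };

/* Export table doubling as reverse lookup: NULL means "do not export". */
static const char *const suffix_for[ATTR_MAX] = {
    [ATTR_C] = "C", [ATTR_O] = "O", [ATTR_OU] = "OU", [ATTR_CN] = "CN",
};

/* Walk the DN once; returns the number of variables written to out[]. */
static size_t export_dn(const char *prefix, const struct dn_entry *dn,
                        size_t n, struct env_var *out, size_t out_max)
{
    unsigned seen[ATTR_MAX] = {0};   /* per-attribute occurrence counters */
    size_t used = 0;

    for (size_t i = 0; i < n && used < out_max; i++) {
        int nid = dn[i].nid;
        if (nid < 0 || nid >= ATTR_MAX || suffix_for[nid] == NULL)
            continue;                /* attribute is not in the export table */
        unsigned idx = seen[nid]++;
        if (idx == 0)                /* first occurrence: plain name */
            snprintf(out[used].name, sizeof out[used].name, "%s%s", prefix, suffix_for[nid]);
        else                         /* repeats: append _N */
            snprintf(out[used].name, sizeof out[used].name, "%s%s_%u", prefix, suffix_for[nid], idx);
        out[used++].value = dn[i].value;
    }
    return used;
}

/* Constructed sample DN with two OU attributes and one unexported attribute. */
static const struct dn_entry sample_dn[] = {
    { ATTR_C, "US" }, { ATTR_O, "Example Corp" }, { ATTR_OU, "Engineering" },
    { ATTR_OU, "Security" }, { ATTR_EMAIL, "ops@example.com" }, { ATTR_CN, "alice" },
};

int main(void)
{
    struct env_var vars[8];
    size_t n = export_dn("SSL_CLIENT_S_DN_", sample_dn, sizeof sample_dn / sizeof *sample_dn, vars, 8);
    for (size_t i = 0; i < n; i++)
        printf("%s=%s\n", vars[i].name, vars[i].value);
    return 0;
}
```

Each DN is walked exactly once regardless of how many attributes are exported, and a second OU stays visible to access-control rules instead of being dropped.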