httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 45875] X509 DN components with multiple occurence not available to apr_table_get
Date Tue, 30 Sep 2008 20:07:17 GMT

--- Comment #4 from Joe Orton 2008-09-30 13:07:16 PST ---
It would be useful to do this, certainly.

The attached patch would I think almost double the cost of ssl_hook_Fixups()
with +ExportCertData because it would invoke ssl_var_lookup_ssl_cert_dn() at
least twice for each DN suffix in the Fixup_vars array, and _ssl_cert_dn()
iterates potentially over the entire X509_NAME array for each invocation -- not

I'd really really rather see a patch to rewrite the Fixup code to instead
iterate through the X509_NAME *once* for each of the four (server, client) *
(subj, issuer) DNs, which could for each:

- check the NID against a table of the NIDs to export
- if it's one to export, do a cheap reverse lookup to get a varname suffix
- and count entries so that for multiple DNs the _N suffix gets added

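The single-pass export suggested in the comment above, as an added example (not code from the original message or from mod_ssl). The `dn_entry` struct, the `DEMO_NID_*` values and `export_dn()` are hypothetical stand-ins for OpenSSL's X509_NAME entries and NIDs; giving the first occurrence the bare name and later ones `_1`, `_2` is this example's assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for OpenSSL NIDs and X509_NAME entries. */
enum { DEMO_NID_C, DEMO_NID_O, DEMO_NID_OU, DEMO_NID_CN, DEMO_NID_SERIAL, DEMO_NID_MAX };
struct dn_entry { int nid; const char *value; };
struct env_var  { char name[64]; const char *value; };

/* Export table indexed by NID, so the reverse lookup to a variable-name
 * suffix is one array access. NULL means the attribute is not exported. */
static const char *const export_suffix[DEMO_NID_MAX] = {
    [DEMO_NID_C] = "C", [DEMO_NID_O] = "O", [DEMO_NID_OU] = "OU", [DEMO_NID_CN] = "CN",
};

/* Walk one DN exactly once; prefix is e.g. "SSL_CLIENT_S_DN_".
 * Returns the number of variables written to out (at most max_out). */
static size_t export_dn(const char *prefix, const struct dn_entry *dn, size_t n,
                        struct env_var *out, size_t max_out)
{
    unsigned seen[DEMO_NID_MAX] = {0};   /* per-NID occurrence counters */
    size_t written = 0;

    for (size_t i = 0; i < n && written < max_out; i++) {
        int nid = dn[i].nid;
        if (nid < 0 || nid >= DEMO_NID_MAX || export_suffix[nid] == NULL)
            continue;                    /* unknown NID or not in the export table */
        unsigned idx = seen[nid]++;
        struct env_var *v = &out[written++];
        if (idx == 0)                    /* first occurrence: bare name */
            snprintf(v->name, sizeof v->name, "%s%s", prefix, export_suffix[nid]);
        else                             /* repeats: append _N */
            snprintf(v->name, sizeof v->name, "%s%s_%u", prefix, export_suffix[nid], idx);
        v->value = dn[i].value;
    }
    return written;
}

/* Constructed sample subject DN with two OU attributes. */
static const struct dn_entry sample_dn[] = {
    { DEMO_NID_C, "US" }, { DEMO_NID_OU, "Engineering" }, { DEMO_NID_SERIAL, "12345" },
    { DEMO_NID_OU, "Security" }, { DEMO_NID_CN, "alice" },
};

int main(void)
{
    struct env_var vars[8];
    size_t n = export_dn("SSL_CLIENT_S_DN_", sample_dn, 5, vars, 8);
    for (size_t i = 0; i < n; i++)
        printf("%s=%s\n", vars[i].name, vars[i].value);
    return 0;
}
```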