httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47514] New: Personal data and restrictions based on subject directory attributes extension
Date Sun, 12 Jul 2009 18:58:40 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47514

           Summary: Personal data and restrictions based on subject
                    directory attributes extension
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: PatchAvailable
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: jmarine@dev.java.net


Created an attachment (id=23961)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23961)
Patch to add basic support for Subject Directory Attributes extension

Hello everyone.

I think "mod_ssl" doesn't have enough support for the Subject Directory Attributes
extension (that may contain personal data information). It doesn't generate
environment variables for the common attributes, and restrictions seem
impossible (PeerExtList "function" returns a mix of all attribute values with
incorrect characters, but doesn't allow selecting one of the attributes of the
"SDA").

So, I would like to contribute the attached patch to add basic support for the
Subject Directory Attributes extension. It generates the following environment
variables (when present in the peer certificate, and the new "SubjectDirAttrVars"
option is enabled in "SSLOptions"):

SSL_CLIENT_EXT_SDA_GENDER
SSL_CLIENT_EXT_SDA_COUNTRYOFRESIDENCE_n
SSL_CLIENT_EXT_SDA_COUNTRYOFCITIZENSHIP_n
SSL_CLIENT_EXT_SDA_PLACEOFBIRTH
SSL_CLIENT_EXT_SDA_DATEOFBIRTH
SSL_CLIENT_EXT_SDA_AGE


It is also possible to add restrictions on the previous variables.
For example:
SSLRequire %{SSL_CLIENT_EXT_SDA_AGE} >= 18

That can be very useful to restrict adult content, when using client
credentials like the Spanish electronic National Identity Card (DNIe).


The enhancements are only implemented for the OpenSSL toolkit (I don't have the
SSL-C toolkit).

But I expect you will find it interesting enough to commit the patch to the
Apache server project.

-----
Jordi Marine
<jmarine@dev.java.net>
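
Added example (not part of the original message or of the attached patch): a small DER walker showing how a Subject Directory Attributes value can be split per attribute into the SSL_CLIENT_EXT_SDA_* names listed above, instead of one mixed string, with an age check that denies when the attribute is absent. Assumptions: the attribute OIDs are the RFC 3739 personal data attributes, "_n" counts from 0, AGE is derived from the date of birth, and the function names and sample certificate data are constructed for illustration.

```python
from datetime import date

# RFC 3739 personal data attributes, arc 1.3.6.1.5.5.7.9.x: x -> (name, numbered)
PDA_ARC = bytes([0x2B, 6, 1, 5, 5, 7, 9])
PDA = {1: ("DATEOFBIRTH", False), 2: ("PLACEOFBIRTH", False), 3: ("GENDER", False),
       4: ("COUNTRYOFCITIZENSHIP", True), 5: ("COUNTRYOFRESIDENCE", True)}
SAMPLE_SDA = bytes.fromhex(  # constructed: born 1990-06-15, gender F, citizen ES + FR
    "3046 301d 0608 2b06010505070901 3111 180f 31393930303631353132303030305a"
    "300f 0608 2b06010505070903 3103 1301 46"
    "3014 0608 2b06010505070904 3108 1302 4553 1302 4652")

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # yield (tag, content) for each element nested in a value
    pos = 0
    while pos < len(content):
        tag, value, pos = tlv(content, pos)
        yield tag, value

def sda_env(ext_der, today=None):
    """Turn a SubjectDirectoryAttributes value into SSL_CLIENT_EXT_SDA_* variables."""
    tag, attrs, _ = tlv(ext_der)
    if tag != 0x30:
        raise ValueError("extension value is not a SEQUENCE")
    env = {}
    for _, attr in children(attrs):
        (t_oid, oid), (t_set, values) = list(children(attr))[:2]
        if t_oid != 0x06 or t_set != 0x31 or oid[:-1] != PDA_ARC or oid[-1] not in PDA:
            continue  # not one of the RFC 3739 attributes: ignore it
        name, numbered = PDA[oid[-1]]
        for i, (_, raw) in enumerate(children(values)):
            env[f"SSL_CLIENT_EXT_SDA_{name}" + (f"_{i}" if numbered else "")] = raw.decode()
    dob = env.get("SSL_CLIENT_EXT_SDA_DATEOFBIRTH")
    if dob:  # assumption: AGE is whole years since the GeneralizedTime date of birth
        y, m, d, t = int(dob[:4]), int(dob[4:6]), int(dob[6:8]), today or date.today()
        env["SSL_CLIENT_EXT_SDA_AGE"] = str(t.year - y - ((t.month, t.day) < (m, d)))
    return env

def age_at_least(env, minimum):  # fail closed when no age could be derived
    return int(env.get("SSL_CLIENT_EXT_SDA_AGE", -1)) >= minimum
```

The values are only as trustworthy as the issuing CA, so a check like this belongs behind client certificate verification against a CA that is known to vouch for these attributes.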
