httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 47514] New: Personal data and restrictions based on subject directory attributes extension
Date Sun, 12 Jul 2009 18:58:40 GMT

           Summary: Personal data and restrictions based on subject
                    directory attributes extension
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: PatchAvailable
          Severity: enhancement
          Priority: P2
         Component: mod_ssl

Created an attachment (id=23961)
 --> (
Patch to add basic suport for Subject Directory Attributes extension

Hello everyone.

I think "mod_ssl" doesn't have enough support for Subject Directory Attributes
extension (that may contain personal data information). It doesn't generates
environment variables for the common attributes, and restrictions seem 
impossible (PeerExtList "function" returns a mix of all attribute values with
incorrect characters, but doesn't allow to select one of the attributes of the

So, I would like to contribute the attached patch to add basic support for
Subject Directory Attributes extension. It generates the following environment
variables (when present in peer certificate, and the new "SubjectDirAttrVars"
option is enabled in "SSLOptions"):


It is also possible to add restrictions on the previous variables.
For example:

That can be very useful to restrict adult contents, when using client
credentials like Spanish electronic National Identity Card (DNIe).

The enhancements are only implemented for OpenSSL toolkit (I don't have SSL-C

But I expect you will find it interesting enough, to commit the patch to the
apache server project.

Jordi Marine

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message