httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45107] Client certificate attribute UID not usable in env var SSL_CLIENT_S_DN_UID since wrong NID/OID assigned
Date Thu, 27 Aug 2009 17:05:32 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45107



--- Comment #8 from Lampa <lampacz@gmail.com> 2009-08-27 10:05:28 PDT ---
using CustomLog "%{SSL_PROTOCOL}x \"%{SSL_CIPHER}x\" \"%{SSL_CLIENT_S_DN_CN}x\"
\"%{SSL_CLIENT_S_DN_UID}x\" \"%r\" %>s %b %T"

before patch:
TLSv1 "DHE-RSA-AES256-SHA" "/C=CZ/ST=State/L=Location/O=Organization/OU=Test
Unit/CN=Test
User/emailAddress=test@test.com/UID=d1bff376-3788-404f-ae9c-ffffffffffff" "-"
"GET / HTTP/1.1" 403 217 1

after patch:
TLSv1 "DHE-RSA-AES256-SHA" "/C=CZ/ST=State/L=Location/O=Organization/OU=Test
Unit/CN=Test
User/emailAddress=test@test.com/UID=d1bff376-3788-404f-ae9c-ffffffffffff"
"d1bff376-3788-404f-ae9c-ffffffffffff" "GET / HTTP/1.1" 403 217 1

also  SSLRequire %{SSL_CLIENT_S_DN_UID} doesn't work

openssl.cnf:

[ req_distinguished_name ]
....
uid                             = User ID
uid_min                         = 36
uid_max                         = 36


and cert:

-----BEGIN CERTIFICATE-----
MIIEvjCCAqagAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ1ox
GDAWBgNVBAgTD0Nlc2thIFJlcHVibGlrYTEOMAwGA1UEBxMFUHJhaGExFTATBgNV
BAoTDFNhbnRlIHMuci5vLjEZMBcGA1UEAxMQTUFYIHYxIENsaWVudCBDQTEfMB0G
CSqGSIb3DQEJARYQc3VwcG9ydEBzYW50ZS5jejAeFw0wOTA4MjcxNjU4MjdaFw0x
MDA4MjcxNjU4MjdaMIHDMQswCQYDVQQGEwJDWjEOMAwGA1UECBMFU3RhdGUxETAP
BgNVBAcTCExvY2F0aW9uMRUwEwYDVQQKEwxPcmdhbml6YXRpb24xEjAQBgNVBAsT
CVRlc3QgVW5pdDESMBAGA1UEAxMJVGVzdCBVc2VyMRwwGgYJKoZIhvcNAQkBFg10
ZXN0QHRlc3QuY29tMTQwMgYKCZImiZPyLGQBARMkZDFiZmYzNzYtMzc4OC00MDRm
LWFlOWMtZmZmZmZmZmZmZmZmMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM
1V8TAu3mfzXduSI6fZcbT00mbZjOuvBBn+SAKnSn0Evf/x3qzfzRcG3fyXrOICnF
A66R9Dm3SGyuhr7SnWSrOtezAUkOsBejke2tdElk7OgoXQQHblBAKFGcJ7yeKxdy
+nk9CGvXV1SaLJYU+DOAQt1h6qaHbi8+soRtJWs8CwIDAQABo3gwdjAMBgNVHRMB
Af8EAjAAMBEGCWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCB4AwEwYDVR0lBAww
CgYIKwYBBQUHAwIwMQYJYIZIAYb4QgENBCQWIk9wZW5TU0wgQ2VydGlmaWNhdGUg
Zm9yIFNTTCBDbGllbnQwDQYJKoZIhvcNAQEFBQADggIBAE1a/t72msEM69N/k6hw
pBAc3hHQKlcmM+jSX5RhuuQEJu3iKf9OeExULZnBhBK1VhwEcYKOP3On/fbFC/Hi
LVawkt4S67bgxCzVSiHiEp7vJpoPBRH1ifZO5TzbXsKrGjN6zNy9zSS7QFWE0hy6
dtX0Jjx8iU3c46+E+R5OK6nlbcLXIh6DYXSZgo0FdeF+m9unQoE34TRe9imbh8ZF
6e4noXEYAna9sVEMQDvGKycC7HJaltV/iS44UXji0uvUA31sUfhEbGAlGxw3DhXr
HQAhv7xQ4QICzGANtF/Tic4zi+KNvWtGZ+MtOWxkcLgxc13Vhr+Hp1d+cGWMj9A3
xRjeW5DK1DVBjI8dAb1B14lCYrd4sXZbSDH2YhbXAw6PILN7hmrauJTIlMyz8LEn
AKcIxlR59QaimZgfiN9c0gV4QKHAUO+seHGIa9/1ewZ1vidbGyldpCojbbfMnCX6
cPISe+fIl8h5Ph81iRYNGiT6dqoHk3OHhw2PtXSCDieN5qZrqBigaDnRQ9awWbnK
l2m19MBVaE7VtPCmqrqLH+uTqepFFspBs29AFHXiSw4L0aGicuaduSyZ5XpZ0xN3
ojDfBQYTmcafwmfyDDi2YsNJqCgJJLMmYo5eIklt3sgKypCs6NwJGl18Wgcv1WRO
4YOTATlUek/SuqnvIVl4Fv4A
-----END CERTIFICATE-----

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message