httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45107] Client certificate attribute UID not usable in env var SSL_CLIENT_S_DN_UID since wrong NID/OID assigned
Date Thu, 27 Aug 2009 20:51:21 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45107



--- Comment #10 from Lampa <lampacz@gmail.com> 2009-08-27 13:51:17 PDT ---
Exactly, before the patch modules/ssl/ssl_engine_vars.c contains only:

#ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
    { "UID",   NID_x500UniqueIdentifier   },
#else /* old name, OpenSSL < 0.9.7 */
    { "UID",   NID_uniqueIdentifier       },
#endif

and it wasn't possible to log only the UID ("-" instead of
d1bff376-3788-404f-ae9c-ffffffffffff in the custom log file; the DN contained the UID).
After the patch the UID appears in the custom log file.

/usr/include/openssl/objects.h:
....
#define SN_uniqueIdentifier             "UID"
#define LN_uniqueIdentifier             "uniqueIdentifier"
#define NID_uniqueIdentifier            102
#define OBJ_uniqueIdentifier            OBJ_X509,45L
...


/usr/include/openssl/obj_mac.h:
...
#define SN_userId               "UID"
#define LN_userId               "userId"
#define NID_userId              458
#define OBJ_userId              OBJ_pilotAttributeType,1L
....
#define LN_x500UniqueIdentifier         "x500UniqueIdentifier"
#define NID_x500UniqueIdentifier                503
#define OBJ_x500UniqueIdentifier                OBJ_X509,45L
....

openssl x509 -in test2.crt -noout  -subject -nameopt RFC2253  -nameopt sname
subject= UID=d1bff376-3788-404f-ae9c-ffffffffffff,emailAddress=test@test.com,CN=Test User,OU=Test Unit,O=Organization,L=Location,ST=State,C=CZ

openssl x509 -in test2.crt -noout  -subject -nameopt RFC2253  -nameopt oid
subject= 0.9.2342.19200300.100.1.1=d1bff376-3788-404f-ae9c-ffffffffffff,1.2.840.113549.1.9.1=test@test.com,2.5.4.3=Test User,2.5.4.11=Test Unit,2.5.4.10=Organization,2.5.4.7=Location,2.5.4.8=State,2.5.4.6=CZ

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
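
The mismatch described in the comment above, as an added stand-alone model; it is not mod_ssl's code and does not link against OpenSSL. The struct names, the `dn_value` helper and the table that also maps "UID" to userId are assumptions made for illustration; the NID values 458 and 503 and the OIDs are the ones quoted in the comment.

```c
#include <stdio.h>
#include <string.h>

/* 458 and 503 are quoted in the comment above; 13 is OpenSSL's NID_commonName. */
enum { EX_NID_commonName = 13, EX_NID_userId = 458, EX_NID_x500UniqueIdentifier = 503 };

struct rdn { int nid; const char *oid; const char *value; };  /* one subject attribute */
struct tag { const char *name; int nid; };                    /* variable suffix -> NID */
#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed subject: two attributes of test2.crt as shown by -nameopt oid. */
static const struct rdn subject[] = {
    { EX_NID_userId, "0.9.2342.19200300.100.1.1", "d1bff376-3788-404f-ae9c-ffffffffffff" },
    { EX_NID_commonName, "2.5.4.3", "Test User" },
};

/* Table as quoted in the comment: "UID" resolves only to OID 2.5.4.45. */
static const struct tag before_patch[] = {
    { "CN", EX_NID_commonName }, { "UID", EX_NID_x500UniqueIdentifier },
};
/* Assumed shape of a fix: "UID" additionally resolves to userId (NID 458). */
static const struct tag with_userid[] = {
    { "CN", EX_NID_commonName }, { "UID", EX_NID_x500UniqueIdentifier },
    { "UID", EX_NID_userId },
};

/* Resolve a variable suffix by NID, never by the printed short name. */
static const char *lookup(const struct tag *tab, size_t ntab, const char *name)
{
    for (size_t i = 0; i < ntab; i++) {
        if (strcmp(tab[i].name, name) != 0)
            continue;
        for (size_t j = 0; j < N(subject); j++)
            if (subject[j].nid == tab[i].nid)
                return subject[j].value;
    }
    return NULL;  /* the custom log shows "-" in this case */
}

/* patched == 0 uses the quoted table, otherwise the assumed extended one. */
const char *dn_value(int patched, const char *name)
{
    return patched ? lookup(with_userid, N(with_userid), name)
                   : lookup(before_patch, N(before_patch), name);
}

int main(void)
{
    const char *b = dn_value(0, "UID"), *a = dn_value(1, "UID");
    printf("before: %s\nafter:  %s\n", b ? b : "-", a ? a : "-");
    return 0;
}
```
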
