Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 41091 invoked from network); 27 Aug 2009 17:05:57 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 27 Aug 2009 17:05:57 -0000 Received: (qmail 65923 invoked by uid 500); 27 Aug 2009 17:05:56 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 65864 invoked by uid 500); 27 Aug 2009 17:05:56 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 65852 invoked by uid 99); 27 Aug 2009 17:05:56 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Aug 2009 17:05:56 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Aug 2009 17:05:53 +0000 Received: by brutus.apache.org (Postfix, from userid 33) id 4A127234C1ED; Thu, 27 Aug 2009 10:05:32 -0700 (PDT) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 45107] Client certificate attribute UID not usable in env var SSL_CLIENT_S_DN_UID since wrong NID/OID assigned X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_ssl X-Bugzilla-Keywords: RFC X-Bugzilla-Severity: normal X-Bugzilla-Who: lampacz@gmail.com X-Bugzilla-Status: REOPENED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: In-Reply-To: References: X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Message-Id: <20090827170532.4A127234C1ED@brutus.apache.org> Date: Thu, 27 Aug 2009 10:05:32 -0700 (PDT) X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=45107 --- Comment #8 from Lampa 2009-08-27 10:05:28 PDT --- using CustomLog "%{SSL_PROTOCOL}x \"%{SSL_CIPHER}x\" \"%{SSL_CLIENT_S_DN_CN}x\" \"%{SSL_CLIENT_S_DN_UID}x\" \"%r\" %>s %b %T" before patch: TLSv1 "DHE-RSA-AES256-SHA" "/C=CZ/ST=State/L=Location/O=Organization/OU=Test Unit/CN=Test User/emailAddress=test@test.com/UID=d1bff376-3788-404f-ae9c-ffffffffffff" "-" "GET / HTTP/1.1" 403 217 1 after patch: TLSv1 "DHE-RSA-AES256-SHA" "/C=CZ/ST=State/L=Location/O=Organization/OU=Test Unit/CN=Test User/emailAddress=test@test.com/UID=d1bff376-3788-404f-ae9c-ffffffffffff" "d1bff376-3788-404f-ae9c-ffffffffffff" "GET / HTTP/1.1" 403 217 1 also SSLRequire %{SSL_CLIENT_S_DN_UID} doesn't work openssl.cnf: [ req_distinguished_name ] .... uid = User ID uid_min = 36 uid_max = 36 and cert: -----BEGIN CERTIFICATE----- MIIEvjCCAqagAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ1ox GDAWBgNVBAgTD0Nlc2thIFJlcHVibGlrYTEOMAwGA1UEBxMFUHJhaGExFTATBgNV BAoTDFNhbnRlIHMuci5vLjEZMBcGA1UEAxMQTUFYIHYxIENsaWVudCBDQTEfMB0G CSqGSIb3DQEJARYQc3VwcG9ydEBzYW50ZS5jejAeFw0wOTA4MjcxNjU4MjdaFw0x MDA4MjcxNjU4MjdaMIHDMQswCQYDVQQGEwJDWjEOMAwGA1UECBMFU3RhdGUxETAP BgNVBAcTCExvY2F0aW9uMRUwEwYDVQQKEwxPcmdhbml6YXRpb24xEjAQBgNVBAsT CVRlc3QgVW5pdDESMBAGA1UEAxMJVGVzdCBVc2VyMRwwGgYJKoZIhvcNAQkBFg10 ZXN0QHRlc3QuY29tMTQwMgYKCZImiZPyLGQBARMkZDFiZmYzNzYtMzc4OC00MDRm LWFlOWMtZmZmZmZmZmZmZmZmMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM 1V8TAu3mfzXduSI6fZcbT00mbZjOuvBBn+SAKnSn0Evf/x3qzfzRcG3fyXrOICnF A66R9Dm3SGyuhr7SnWSrOtezAUkOsBejke2tdElk7OgoXQQHblBAKFGcJ7yeKxdy +nk9CGvXV1SaLJYU+DOAQt1h6qaHbi8+soRtJWs8CwIDAQABo3gwdjAMBgNVHRMB Af8EAjAAMBEGCWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCB4AwEwYDVR0lBAww CgYIKwYBBQUHAwIwMQYJYIZIAYb4QgENBCQWIk9wZW5TU0wgQ2VydGlmaWNhdGUg Zm9yIFNTTCBDbGllbnQwDQYJKoZIhvcNAQEFBQADggIBAE1a/t72msEM69N/k6hw pBAc3hHQKlcmM+jSX5RhuuQEJu3iKf9OeExULZnBhBK1VhwEcYKOP3On/fbFC/Hi LVawkt4S67bgxCzVSiHiEp7vJpoPBRH1ifZO5TzbXsKrGjN6zNy9zSS7QFWE0hy6 dtX0Jjx8iU3c46+E+R5OK6nlbcLXIh6DYXSZgo0FdeF+m9unQoE34TRe9imbh8ZF 6e4noXEYAna9sVEMQDvGKycC7HJaltV/iS44UXji0uvUA31sUfhEbGAlGxw3DhXr HQAhv7xQ4QICzGANtF/Tic4zi+KNvWtGZ+MtOWxkcLgxc13Vhr+Hp1d+cGWMj9A3 xRjeW5DK1DVBjI8dAb1B14lCYrd4sXZbSDH2YhbXAw6PILN7hmrauJTIlMyz8LEn AKcIxlR59QaimZgfiN9c0gV4QKHAUO+seHGIa9/1ewZ1vidbGyldpCojbbfMnCX6 cPISe+fIl8h5Ph81iRYNGiT6dqoHk3OHhw2PtXSCDieN5qZrqBigaDnRQ9awWbnK l2m19MBVaE7VtPCmqrqLH+uTqepFFspBs29AFHXiSw4L0aGicuaduSyZ5XpZ0xN3 ojDfBQYTmcafwmfyDDi2YsNJqCgJJLMmYo5eIklt3sgKypCs6NwJGl18Wgcv1WRO 4YOTATlUek/SuqnvIVl4Fv4A -----END CERTIFICATE----- -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org