httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 57949] New: new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Date Mon, 25 May 2015 13:47:40 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=57949

            Bug ID: 57949
           Summary: new mod_ssl environment variable
                    SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
           Product: Apache httpd-2
           Version: 2.4.12
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: ghetolay@gmail.com

Created attachment 32755
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32755&action=edit
patch

Hi,

I've created a new environment variable in order to test for an extended key
usage in a certificate, like clientAuth on a client certificate
authentication for instance. This variable can then be used in a Require
directive as follows:

Require expr %{SSL_CLIENT_EXT_KEYUSAGE_clientAuth} == "true"

The format of the variable name is as follows:

SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose 

Where purpose is either a short name (serverAuth, clientAuth, etc.) or an OID.
Short names are case-insensitive and '.' in an OID must be replaced with '_'.
Here are some valid examples:

SSL_CLIENT_EXT_KEYUSAGE_clientAuth 
SSL_SERVER_EXT_KEYUSAGE_SERVERAUTH
SSL_CLIENT_EXT_KEYUSAGE_1_3_6_1_5_5_7_3_2

We may improve the comparison of OIDs by checking each number one by one instead
of converting both var (replace '_' by '.') and obj (convert into char*) and doing
a strcmp. But I'm not sure if OpenSSL offers another way to get the OID other than
OBJ_obj2txt().

We may also add the export of all the purposes as variables when +StdEnvVars is
set on SSLOptions.

Please feel free to give me any feedback about code, patch, documentation
etc...

-- 
You are receiving this mail because:
You are the assignee for the bug.
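
The name matching described in the message above, as an added example that is not taken from the attached patch: it compares the '_'-separated OID against the dotted form in place rather than converting and calling strcmp. The struct eku type, the function names and the sample EKU list are assumptions for illustration; a real implementation would fill the list from the certificate through OpenSSL.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* One EKU entry as read from a certificate; short_name may be NULL. */
struct eku { const char *short_name; const char *oid; };

/* Compare the '_'-separated OID from the variable name with a dotted OID.
 * Strict: digits and separators only, no empty arc, both end together,
 * so "..._3_2" never matches "...3.21" and a trailing '_' is rejected. */
static int oid_var_equals(const char *var, const char *oid)
{
    for (; *var && *oid; var++, oid++) {
        if (*var == '_') {
            if (*oid != '.' || !isdigit((unsigned char)var[1]))
                return 0;
        } else if (!isdigit((unsigned char)*var) || *var != *oid) {
            return 0;
        }
    }
    return *var == '\0' && *oid == '\0';
}

/* 1 if the variable names a purpose present in ekus, 0 if it does not,
 * -1 if name is not an SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_ variable. */
int eku_var_lookup(const char *name, const struct eku *ekus, size_t n)
{
    static const char *const prefixes[] = { "SSL_CLIENT_EXT_KEYUSAGE_",
                                            "SSL_SERVER_EXT_KEYUSAGE_" };
    const char *purpose = NULL;
    for (size_t i = 0; i < 2; i++)
        if (strncmp(name, prefixes[i], strlen(prefixes[i])) == 0)
            purpose = name + strlen(prefixes[i]);
    if (purpose == NULL || *purpose == '\0')
        return -1;
    int is_oid = isdigit((unsigned char)*purpose) != 0;
    for (size_t i = 0; i < n; i++) {
        const char *sn = ekus[i].short_name;
        if (is_oid ? oid_var_equals(purpose, ekus[i].oid)
                   : (sn != NULL && strcasecmp(purpose, sn) == 0))
            return 1;   /* short names are matched case-insensitively */
    }
    return 0;
}

/* Constructed sample: EKU list of a hypothetical client certificate. */
static const struct eku SAMPLE_EKUS[] = {
    { "clientAuth", "1.3.6.1.5.5.7.3.2" }, { "emailProtection", "1.3.6.1.5.5.7.3.4" } };

int main(void)
{
    printf("%d\n", eku_var_lookup("SSL_CLIENT_EXT_KEYUSAGE_1_3_6_1_5_5_7_3_2", SAMPLE_EKUS, 2));
    return 0;
}
```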
