Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 41910 invoked from network); 20 Oct 2004 15:51:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 20 Oct 2004 15:51:00 -0000 Received: (qmail 19393 invoked by uid 500); 20 Oct 2004 15:50:54 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 19309 invoked by uid 500); 20 Oct 2004 15:50:53 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 19296 invoked by uid 99); 20 Oct 2004 15:50:53 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=RCVD_BY_IP,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: domain of mamath@gmail.com designates 64.233.170.204 as permitted sender) Received: from [64.233.170.204] (HELO mproxy.gmail.com) (64.233.170.204) by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 20 Oct 2004 08:50:52 -0700 Received: by mproxy.gmail.com with SMTP id 73so30904rnl for ; Wed, 20 Oct 2004 08:50:51 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=DQBVt7RKZuxdoKWBkxoQJuCxh/YEoMWYQ+zDPSmHuP182TwvKjxSsZEMnPxC+/1OBXOOXpTXW9zI7m9eK9mb9xqbUgHx1vXT6cGur1EqhR4QdxjJMT3DfBojJ1e/CM41So+rcEntbj1lW0fwwca1fQZafhqJaGU5e8BAERcnv54 Received: by 10.38.13.67 with SMTP id 67mr510492rnm; Wed, 20 Oct 2004 08:50:51 -0700 (PDT) Received: by 10.38.88.41 with HTTP; Wed, 20 Oct 2004 08:50:50 -0700 (PDT) Message-ID: <54f1458d0410200850eccb6da@mail.gmail.com> Date: Wed, 20 Oct 2004 08:50:50 -0700 From: Madhusudan Mathihalli Reply-To: Madhusudan Mathihalli To: dev@httpd.apache.org Subject: Re: Use of X509_NAME_oneline in mod_ssl In-Reply-To: <20041020073701.GA9065@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <54f1458d04101510173c5c4e00@mail.gmail.com> <20041015201416.GA2263@redhat.com> <54f1458d04101515417081e75d@mail.gmail.com> <20041016065857.GA3206@redhat.com> <54f1458d04102000132cbdb32a@mail.gmail.com> <20041020073701.GA9065@redhat.com> X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N On Wed, 20 Oct 2004 08:37:01 +0100, Joe Orton wrote: > On Wed, Oct 20, 2004 at 12:13:14AM -0700, Madhusudan Mathihalli wrote: > > On Sat, 16 Oct 2004 07:58:57 +0100, Joe Orton wrote: > > > Changing just the _DN variable format with a config directive sounds OK. > > > Adding new variables would be an alternative, but the names would > > > probably get *really* ugly... > > > > > That is correct - I should've been more clear in my mail. What I > > really meant was to give options like > > DNFormat SSL_SERVER_S_DN default > > DNFormat SSL_CLIENT_S_DN rfc2253 > > Actually I do wonder whether just adding new variable names > > SSL_{SERVER,CLIENT}_{I,S}_2253DN > > is the best way. If you have other modules which are accessing the DNs > directly from ssl_var_lookup you may not want to change the DN format > for them, but you do for some script, or vice versa. Those names aren't > so ugly, and it saves adding more config directives. What do you > reckon? > Sure - I like the idea. The one concern is that if we end up exporting both _DN and _2253DN formats, it'll have a performance impact on Apache. As it stands now, Apache is around 50% slower than Zeus (even with SPECweb2003). I'll start working on the patch Thanks -Madhu