httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anatoli Tubman <>
Subject mod_ssl standard environment variables
Date Mon, 24 Sep 2007 08:08:14 GMT

Somewhere between 2.0 and 2.2 mod_ssl has changed its API radically,
or rather, eliminated it. I used to access the client certificate via
the API as an X_509 data type and passed it to my own authentication
module. As of 2.2 X_509 is no longer accessible, the only way to
obtain the cert information is via standard environment variables,
as described in the user's guide.

I don't mind changing my code to access the cert info via
environment. This is not a problem. The problem is that the encoding
information is lost. ASN.1 strings can be of type BMPString
(equivalent to UCS-2) or UniversalString (UCS-4), in addition
to various UTF-8 compatible formats. The environment code happily
ignores this and spills (possibly escaped) bytes representing the
string to the environment.  There's no way to interpret these bytes
without knowing which encoding they come from.

The environment code uses X509_NAME_oneline(). Quoth the man page:

>The functions X509_NAME_oneline() and X509_NAME_print() are legacy
>functions which produce a non standard output form, they don't handle
>multi character fields and have various quirks and inconsistencies.
>Their use is strongly discouraged in new applications.

Is there any hope this will be fixed soon?


View raw message