httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <>
Subject Fwd: [users@httpd] SSLRequire & UTF-8 characters
Date Wed, 17 Nov 2010 14:53:56 GMT

Hi Myles,

it might be appropriate to ping dev@ with this problem
I'm not sure if it's a bug or a feature.

So long,

----- "Myles Bunbury (Myles)" <> wrote:

> > Which version of OpenSSL do you have?
> openssl-0.9.8e-12.el5_4.6
> xmlsec1-openssl-1.2.9-8.1.1
> > What locale is your system running on?
> $LANG = en_US.UTF-8

----- Forwarded Message -----
From: "Myles Bunbury (Myles)" <>
Sent: Thursday, 11 November, 2010 9:33:37 PM
Subject: [users@httpd] SSLRequire & UTF-8 characters

I'm trying to setup a DN filter against a certificate that has UTF-8 characters in it.

The Subject DN for the incoming certificate is:

The filter I'm trying to use in the httpd configuration file is:
SSLRequire (%{SSL_CLIENT_S_DN} =~ m#^/.*CN=“Weird”@¿سǽ€.*$#i)

This pattern does work for me for other certificates that do not contain UTF-* characters.

After some investigation, I discovered that this line does successfully pick up the certificate:
SSLRequire (%{SSL_CLIENT_S_DN} =~ m#^/.*CN= \\x1C\\x00W\\x00e\\x00i\\x00r\\x00d \\x1D\\x00@\\x00\\xBF\\x063\\x01\\xFD

While that works for this particular case, I'm trying to develop something where the regex
string will be constructed based on an arbitrary certificate supplied at runtime.

1) Is it possible to configure httpd to match UTF-8 characters without all the escaping?

2) If all the "\\x" escaping is necessary, why are there 3 spaces in the escaped string when
they're not present in the certificate? (One space is after CN=, one after \\x00d, and one
after \\xFD.)

Other relevant info:
Apache httpd v2.2.16
PCRE v6.6-2.el5_1.7

I also tried PCRE v8.10, but I did not note any change in behaviour.

Igor Galić

Tel: +43 (0) 664 886 22 883

View raw message