httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ghetolay <>
Subject new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Date Wed, 20 May 2015 09:35:52 GMT

I've created a new environment variable in order to test for an extended
key usage into a certificate. Like clientAuth on a client certificate
authentication for instance. This variable can then be used on a Require
directive as follow :

Require expr %{SSL_CLIENT_EXT_KEYUSAGE_clientAuth} == "true"

Format of the variable name is as follow :


Where purpose is either a shortname ( serverAuth, clientAuth etc...) or an
oid. Shortname are case insensitive and '.' on oid must be replace with '_'.
Here is some valid examples :


You can check on the code here
We may improve the comparison of oid by checking each number one by one
instead of converting both *var* (replace '_' by '.') and *obj* (convert
into char*) and do a strcmp. But I'm not sure if openssl offers another way
to get oid other than OBJ_obj2txt().

Also it's my first time contributing to the Apache httpd project so I don't
know if I should open a bug at or open a
pull request on github. I would rather do the latter :)

Please feel free to give me any feedback about code, patch, documentation


View raw message