httpd-dev mailing list archives

From Ghetolay <gheto...@gmail.com>
Subject new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Date Wed, 20 May 2015 09:35:52 GMT
Hi,

I've created a new environment variable in order to test for an extended
key usage in a certificate, like clientAuth on a client certificate
authentication for instance. This variable can then be used in a Require
directive as follows:

Require expr %{SSL_CLIENT_EXT_KEYUSAGE_clientAuth} == "true"

The format of the variable name is as follows:

SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose

Where purpose is either a shortname (serverAuth, clientAuth etc...) or an
OID. Shortnames are case insensitive and '.' in an OID must be replaced with '_'.
Here are some valid examples:

SSL_CLIENT_EXT_KEYUSAGE_clientAuth
SSL_SERVER_EXT_KEYUSAGE_SERVERAUTH
SSL_CLIENT_EXT_KEYUSAGE_1_3_6_1_5_5_7_3_2

You can check the code here:
<https://github.com/ghetolay/httpd/commit/7b5cde756ff965160313039fb83605724bae38cf>.
We may improve the comparison of OIDs by checking each number one by one
instead of converting both *var* (replace '_' by '.') and *obj* (convert
into char*) and doing a strcmp. But I'm not sure if OpenSSL offers another way
to get the OID other than OBJ_obj2txt().

Also it's my first time contributing to the Apache httpd project so I don't
know if I should open a bug at http://issues.apache.org/bugzilla/ or open a
pull request on github. I would rather do the latter :)

Please feel free to give me any feedback about code, patch, documentation
etc...

Ghetolay.
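
The naming scheme and the arc-by-arc OID comparison discussed in the message, as an added example that is not the code from the linked commit. It uses no OpenSSL calls; the function names, the shortname table and the exact-case prefix match are assumptions of this example, and the certificate's EKU is passed in as a dotted OID string, one purpose at a time.

```c
#include <ctype.h>
#include <limits.h>
#include <string.h>
#include <strings.h>

/* Standard id-kp purposes (RFC 5280); the table is part of this example. */
static const struct { const char *sn, *oid; } known_eku[] = {
    {"serverAuth", "1.3.6.1.5.5.7.3.1"}, {"clientAuth", "1.3.6.1.5.5.7.3.2"},
    {"codeSigning", "1.3.6.1.5.5.7.3.3"}, {"emailProtection", "1.3.6.1.5.5.7.3.4"},
    {"timeStamping", "1.3.6.1.5.5.7.3.8"}, {"OCSPSigning", "1.3.6.1.5.5.7.3.9"},
};

/* Parse one decimal arc at *p and advance past it; 0 on malformed input. */
static int next_arc(const char **p, unsigned long *out)
{
    unsigned long v = 0;
    if (!isdigit((unsigned char)**p)) return 0;
    for (; isdigit((unsigned char)**p); (*p)++) {
        if (v > (ULONG_MAX - 9) / 10) return 0;   /* arc would overflow */
        v = v * 10 + (unsigned long)(**p - '0');
    }
    *out = v;
    return 1;
}

/* Compare "1_3_6_..." against "1.3.6..." arc by arc, without rewriting either. */
static int arcs_equal(const char *und, const char *dot)
{
    unsigned long a, b;
    for (;;) {
        if (!next_arc(&und, &a) || !next_arc(&dot, &b) || a != b) return 0;
        if (*und == '\0' && *dot == '\0') return 1;   /* both ended together */
        if (*und++ != '_' || *dot++ != '.') return 0; /* one is longer or malformed */
    }
}

/* 1 if variable name `var` names the purpose whose dotted OID is `eku_oid`. */
int eku_var_matches(const char *var, const char *eku_oid)
{
    static const char *const pfx[] = {"SSL_CLIENT_EXT_KEYUSAGE_", "SSL_SERVER_EXT_KEYUSAGE_"};
    const char *purpose = NULL;
    size_t i;
    for (i = 0; i < 2; i++)
        if (strncmp(var, pfx[i], strlen(pfx[i])) == 0) purpose = var + strlen(pfx[i]);
    if (purpose == NULL || *purpose == '\0') return 0;
    if (isdigit((unsigned char)*purpose)) return arcs_equal(purpose, eku_oid);
    for (i = 0; i < sizeof known_eku / sizeof known_eku[0]; i++)
        if (strcasecmp(purpose, known_eku[i].sn) == 0)   /* shortnames: any case */
            return strcmp(known_eku[i].oid, eku_oid) == 0;
    return 0;
}
```

Comparing whole arcs means a variable for `1_3_6_1_5_5_7_3_2` does not match a certificate purpose of `1.3.6.1.5.5.7.3.21`, which matters when the result gates a `Require` directive.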
