httpd-dev mailing list archives

From Jan Pazdziora <>
Subject Re: Using UPN from subjectAltName with SSLUserName
Date Fri, 19 Jun 2015 14:51:16 GMT
On Thu, Jun 18, 2015 at 12:22:21PM +0200, Yann Ylavic wrote:
> On Thu, Jun 18, 2015 at 11:49 AM, Jan Pazdziora <> wrote:
> >
> > I'd appreciate any comments about suitability of such change, as well
> > as the implementation. Specifically, I'm not sure if people will
> > prefer the generic and currently proposed
> >
> >         SSL_CLIENT_SAN_otherName_n
> >
> > which gets any value of otherName type, or perhaps going with
> >
> >         SSL_CLIENT_SAN_UPN_n
> >
> > and checking the OID just for the UPNs. Based on that decision I plan
> > to then respin the patch with documentation changes included.
> I think a more generic way would be to have something like
> SSL_CLIENT_OID_<oid>_n, so that we wouldn't have to add a new field
> each time.
> In this case, that would be: SSL_CLIENT_OID_1.

Please find attached a patch which makes it possible to use




In the first case we use OBJ_create to create the object and then
compare its nid to OBJ_obj2nid result. In the second form we ignore
the OID.

I went with the SAN_otherName rather than OID to make it clear where
we get the value from. Of course, if you think that
SSL_CLIENT_OID_1. better and the correct place
to look for it is always in name->d.otherName, it should be easy to
change the name.

Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
