httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Kalu┼ża <jkal...@redhat.com>
Subject Re: Using UPN from subjectAltName with SSLUserName
Date Fri, 19 Jun 2015 09:32:08 GMT
On 06/18/2015 12:22 PM, Yann Ylavic wrote:
> On Thu, Jun 18, 2015 at 11:49 AM, Jan Pazdziora <jpazdziora@redhat.com> wrote:
>>
>> I'd appreciate any comments about suitability of such change, as well
>> as the implementation. Specifically, I'm not sure if people will
>> prefer the generic and currently proposed
>>
>>          SSL_CLIENT_SAN_otherName_n
>>
>> which gets any value of otherName type, or perhaps going with
>>
>>          SSL_CLIENT_SAN_UPN_n
>>
>> and checking the OID just for the UPNs. Based on that decision I plan
>> to then respin the patch with documentation changes included.
>
> I think a more generic way would to have something like
> SSL_CLIENT_OID_<oid>_n, so that we wouldn't have to add a new field
> each time.
> In this case, that would be: SSL_CLIENT_OID_1.3.6.1.4.1.311.20.2.3_n.

I think that's nice idea. I can probably work on that. The only question 
is if we would like to have this generic way as additional feature, or 
we really want to use it instead of the SSL_CLIENT_SAN_otherName_n as 
proposed by Jan.

I think that the common cases should have non-generic variable. The 
question is if otherName is the common case.

Ideas?

> Regards,
> Yann.
>

Regards,
Jan Kaluza


Mime
View raw message