From: Yann Ylavic
To: dev@httpd.apache.org
Subject: Re: Using UPN from subjectAltName with SSLUserName
Date: Thu, 18 Jun 2015 12:22:21 +0200
In-Reply-To: <20150618094946.GU18173@redhat.com>

On Thu, Jun 18, 2015 at 11:49 AM, Jan Pazdziora wrote:
>
> I'd appreciate any comments about suitability of such change, as well
> as the implementation. Specifically, I'm not sure if people will
> prefer the generic and currently proposed
>
>   SSL_CLIENT_SAN_otherName_n
>
> which gets any value of otherName type, or perhaps going with
>
>   SSL_CLIENT_SAN_UPN_n
>
> and checking the OID just for the UPNs. Based on that decision I plan
> to then respin the patch with documentation changes included.

I think a more generic way would be to have something like
SSL_CLIENT_OID__n, so that we wouldn't have to add a new field each
time.
In this case, that would be:
SSL_CLIENT_OID_1.3.6.1.4.1.311.20.2.3_n.

Regards,
Yann.
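
The OID-keyed naming suggested in this reply, shown as an added Python example (not code from the thread or from mod_ssl): it walks the DER of a constructed subjectAltName value and exports each UTF8String otherName under a name of the form SSL_CLIENT_OID_1.3.6.1.4.1.311.20.2.3_n. The function names, the per-OID index starting at 0, and the sample addresses are assumptions made for the illustration.

```python
def read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite length")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # DER OBJECT IDENTIFIER content -> dotted-decimal string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first, *arcs[1:]]))

def othername_vars(san_der, prefix="SSL_CLIENT_OID"):
    """Export UTF8String otherName values of a SAN as <prefix>_<oid>_<n>."""
    tag, names, end = read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("not a GeneralNames SEQUENCE")
    env, seen, pos = {}, {}, 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:  # only [0] otherName; dNSName, rfc822Name etc. skipped
            continue
        t_oid, oid_body, p = read_tlv(body, 0)
        t_val, wrapped, _ = read_tlv(body, p)  # value sits inside [0] EXPLICIT
        if t_oid != 0x06 or t_val != 0xA0:
            raise ValueError("malformed otherName")
        v_tag, value, _ = read_tlv(wrapped, 0)
        if v_tag == 0x0C:  # UTF8String, the type a UPN value uses
            oid = decode_oid(oid_body)
            n = seen[oid] = seen.get(oid, -1) + 1  # assumed: per-OID index from 0
            env[f"{prefix}_{oid}_{n}"] = value.decode("utf-8")
    return env

def tlv(tag, body):  # short-form encoder, used only to build the constructed sample
    return bytes([tag, len(body)]) + body
UPN_OID_DER = tlv(0x06, bytes.fromhex("2b060104018237140203"))  # 1.3.6.1.4.1.311.20.2.3
SAMPLE_SAN = tlv(0x30, tlv(0x82, b"host.example.test") + b"".join(
    tlv(0xA0, UPN_OID_DER + tlv(0xA0, tlv(0x0C, u))) for u in (b"alice@corp.test", b"bob@corp.test")))
```

With this keying, an otherName carrying a different type-id gets its own variable name without any new code path, which is the point of the suggestion.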