httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Knacktus <knack...@googlemail.com>
Subject [users@httpd] mod_ssl: Failed to set r->user to 'SSL_CLIENT_S_DN_Email'
Date Tue, 28 Oct 2014 12:38:52 GMT
Hi all,

I'm using mod_ssl to authenticate user by a client certificate. The
certificate contains the E-Mail address as subject alternative name:

...
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:joe.johnson@jojo.de
...

mod_ssl is configured as

...
SSLOptions +StdEnvVars +ExportCertData
SSLUserName SSL_CLIENT_S_DN_Email
...

The documentation says: ...

*x509* specifies a component of an X.509 DN; one of
C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email.

Now, in my case, the subject DN itself is only:

DC=JOJO, CN=JOHNSON JOE SOME_ABBREVATION SOME_NUMBER

Any ideas of how to extract the E-Mail Adresse from the X509v3 extension an
map it to th SSLUserName?

Cheers,

Jan

Mime
View raw message