httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Kirby <ski...@pcc.com>
Subject [users@httpd] mod_ssl support for SAN variables of URI type
Date Sun, 03 Mar 2019 17:09:29 GMT
Hi folks,

First time posting to the list, so be gentle if I'm off-base here, but here goes: it appears
as though mod_ssl doesn't currently provide variables for certain client certificate SAN formats.
 It appears to currently support DNS, email, and otherName.  I am working on a project that
requires certificate policy filtering based on client SAN in URI format.  The details can
be found here:

https://stackoverflow.com/questions/54909585/how-can-i-verify-the-contents-of-a-subject-alternate-name-in-uri-format-using-ap/54913137#54913137

Looking at the source code in the mod_ssl git hub repository, it appears as though this functionality
(providing access to a SSL_CLIENT_SAN_URI_n variable type) is well within reach (seems like
adding it to the switch clause with the other AI5 strings in ss_util_ssl.c and exporting it
as a variable in ssl_engine_vars.c would do the trick), but has simply not been implemented
yet: 

https://github.com/apache/httpd/blob/5f32ea94af5f1e7ea68d6fca58f0ac2478cc18c5/modules/ssl/ssl_util_ssl.c#L314
https://github.com/apache/httpd/blob/5f32ea94af5f1e7ea68d6fca58f0ac2478cc18c5/modules/ssl/ssl_engine_vars.c#L1109

With that said, I'm wondering what the appropriate action is for me to initiate this enhancement?
Is this something I should create a Bugzilla entry for?  Thanks in advance,

Scott Kirby
Interoperability Developer
PCC - Physicians Computer Company
800-722-7708
skirby@pcc.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message