httpd-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [httpd] michael-o commented on a change in pull request #177: Add SSL_{CLIENT,SERVER}_B64CERT
Date Thu, 11 Mar 2021 18:38:41 GMT

michael-o commented on a change in pull request #177:
URL: https://github.com/apache/httpd/pull/177#discussion_r592614227



##########
File path: modules/ssl/ssl_private.h
##########
@@ -356,6 +356,7 @@ APLOG_USE_MODULE(ssl);
 #define SSL_OPT_STRICTREQUIRE  (1<<5)
 #define SSL_OPT_OPTRENEGOTIATE (1<<6)
 #define SSL_OPT_LEGACYDNFORMAT (1<<7)
+#define SSL_OPT_EXPORTCB64DATA (1<<8)

Review comment:
       Shouldn't this rather read `SSL_OPT_EXPORTBASE64CERTDATA`?

##########
File path: modules/ssl/ssl_engine_vars.c
##########
@@ -593,8 +623,13 @@ static const char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec
*r, X509 *
         result = (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid);
     }
     else if (strcEQ(var, "CERT")) {
-        result = ssl_var_lookup_ssl_cert_PEM(p, xs);
+        result = ssl_var_lookup_ssl_cert_data(p, xs, 1);
     }
+#if APR_VERSION_AT_LEAST(1,7,0)

Review comment:
       Why does this still require APR 1.7.0+?

##########
File path: modules/ssl/ssl_engine_kernel.c
##########
@@ -1607,6 +1607,15 @@ int ssl_hook_Fixup(request_rec *r)
         }
     }
 
+    if (dc->nOptions & SSL_OPT_EXPORTCB64DATA) {
+        val = ssl_var_lookup(r->pool, r->server, r->connection,
+                             r, "SSL_SERVER_B64CERT");
+        apr_table_setn(env, "SSL_SERVER_B64CERT", val);
+
+        val = ssl_var_lookup(r->pool, r->server, r->connection,
+                             r, "SSL_CLIENT_B64CERT");
+        apr_table_setn(env, "SSL_CLIENT_B64CERT", val);

Review comment:
       I still miss the entire chain for the sake of completeness.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org


Mime
View raw message