On Tue, Feb 21, 2017 at 6:43 PM, Andrei Ivanov <andrei.iva...@gmail.com>
wrote:
> On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>
>> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov <andrei.iva...@gmail.com>
>> wrote:
>> >>>
>> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
>>
>> The syntax may be rather:
>>
>> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>
>> Does it work better?
>>
>
> Uf, no :-(
> I've mentioned above, this is with Apache/2.4.6 (Red Hat Enterprise Linux)
> OpenSSL/1.0.1e-fips
> I was also trying the Header with expr=value, but then I noticed it's
> available in 2.4.10 and later
>
>
Trying with the latest Apache/2.4.25 and switching to expression values:
- These work:
Header set Client-IP "expr=%{REMOTE_ADDR}"
Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
- These do not work, even after I adapted the expression following the
documentation,
"Function calls use the %{funcname:arg} syntax rather than
funcname(arg).":
Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
Can't parse value expression : Function 'PeerExtList' does not exist
What should I do?
At least the standard expressions ("%{PeerExtList('2.5.29.17')}s") had a
modifier that indicated it's an SSL
expression and knew how to invoke it... even if it didn't work :-/
