Hi folks,

First time posting to the list, so be gentle if I'm off-base here, but here 
goes: it appears as though mod_ssl doesn't currently provide variables for 
certain client certificate SAN formats.  It appears to currently support DNS, 
email, and otherName.  I am working on a project that requires certificate 
policy filtering based on client SAN in URI format.  The details can be found 
here:

https://stackoverflow.com/questions/54909585/how-can-i-verify-the-contents-of-a-subject-alternate-name-in-uri-format-using-ap/54913137#54913137

Looking at the source code in the mod_ssl GitHub repository, it appears as 
though this functionality (providing access to an SSL_CLIENT_SAN_URI_n variable 
type) is well within reach (seems like adding it to the switch clause with the 
other IA5 strings in ssl_util_ssl.c and exporting it as a variable in 
ssl_engine_vars.c would do the trick), but has simply not been implemented yet: 

https://github.com/apache/httpd/blob/5f32ea94af5f1e7ea68d6fca58f0ac2478cc18c5/modules/ssl/ssl_util_ssl.c#L314
https://github.com/apache/httpd/blob/5f32ea94af5f1e7ea68d6fca58f0ac2478cc18c5/modules/ssl/ssl_engine_vars.c#L1109

With that said, I'm wondering what the appropriate action is for me to initiate 
this enhancement? Is this something I should create a Bugzilla entry for?

Thanks in advance,

Scott Kirby
Interoperability Developer
PCC - Physicians Computer Company
800-722-7708
ski...@pcc.com
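
The post notes that URI SAN entries are IA5 strings like the DNS and email entries mod_ssl already exposes. As an added illustration (not mod_ssl code and not part of the original post), this stand-alone C example walks a DER-encoded GeneralNames value and pulls out the URI entries under the variable naming the post proposes; `der_hdr`, `san_entry` and the sample bytes are hypothetical names and constructed data for this example only.

```c
#include <stdio.h>
#include <string.h>
/* RFC 5280 GeneralName context tags; all three carry an IA5String. */
enum { SAN_EMAIL = 0x81, SAN_DNS = 0x82, SAN_URI = 0x86 };
/* Read one DER tag/length header at *p; returns 0 on malformed input. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned *tag, size_t *len)
{
    if (end - *p < 2) return 0;
    *tag = *(*p)++; *len = *(*p)++;
    if (*len & 0x80) {                  /* long form: length in next n bytes */
        size_t n = *len & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return 0;
        for (*len = 0; n--; ) *len = (*len << 8) | *(*p)++;
    }
    return *len <= (size_t)(end - *p);
}

/* Copy the idx-th (0-based) entry tagged `want` out of a DER GeneralNames
 * value. Returns 0 if absent, malformed, too long for out, or holding a NUL. */
int san_entry(const unsigned char *der, size_t derlen, unsigned want,
              int idx, char *out, size_t outsz)
{
    const unsigned char *p = der, *end = der + derlen;
    unsigned tag; size_t len;
    if (!der_hdr(&p, end, &tag, &len) || tag != 0x30) return 0;
    end = p + len;
    while (p < end) {
        if (!der_hdr(&p, end, &tag, &len)) return 0;
        if (tag == want && idx-- == 0) {
            if (len >= outsz || memchr(p, 0, len)) return 0;
            memcpy(out, p, len); out[len] = '\0';
            return 1;
        }
        p += len;
    }
    return 0;
}
/* Constructed sample: SEQUENCE { dNSName, URI, rfc822Name, URI }. */
static const unsigned char SAMPLE[] =
    "\x30\x48" "\x82\x0c" "example.test" "\x86\x0d" "urn:example:a"
    "\x81\x0e" "a@example.test" "\x86\x19" "https://example.test/id/1";
int main(void)
{
    char v[128];
    for (int i = 0; san_entry(SAMPLE, sizeof SAMPLE - 1, SAN_URI, i, v, sizeof v); i++)
        printf("SSL_CLIENT_SAN_URI_%d=%s\n", i, v);
    return 0;
}
```

Rejecting values with an embedded NUL rather than truncating them keeps a policy check on the extracted string from matching only a prefix of the name in the certificate.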
