Subject: Developers of Sympa
List archive
- From: Maurice Massar <address@concealed>
- To: address@concealed
- Subject: [sympa-dev] X.509, with Email in SubjAltName
- Date: Fri, 2 Jun 2006 17:06:04 +0200
hi,
as I was not able to find the mentioned patch to mod_ssl
to get SSL_CLIENT_S_EMAIL exported, I wrote another patch
based on SSL_CLIENT_CERT from "SSLOptions +ExportCertData".
Has anyone tried to push that X509v3 SubjectAlternativeName patch
into mod_ssl?
cu
maurice
--- wwsympa.fcgi-orig 2006-06-02 16:54:43.000000000 +0200
+++ wwsympa.fcgi 2006-06-02 16:57:39.000000000 +0200
@@ -59,6 +59,16 @@
require "--LIBDIR--/tools.pl";
require "--LIBDIR--/time_utils.pl";
+my $crypt_openssl_x509_ok;
+BEGIN {
+ if (eval "require Crypt::OpenSSL::X509") {
+ require Crypt::OpenSSL::X509;
+ $crypt_openssl_x509_ok = 1;
+ } else {
+ $crypt_openssl_x509_ok = 0;
+ }
+};
+
## WWSympa librairies
use wwslib;
use cookielib;
@@ -743,6 +753,11 @@
}elsif ($ENV{'SSL_CLIENT_S_DN'} =~ /\+MAIL=([^\+\/]+)$/) {
## Compatibility issue with old a-sign.at certs
$param->{'user'}{'email'} = lc($1);
+ }elsif ($crypt_openssl_x509_ok and
exists($ENV{SSL_CLIENT_CERT})) {
+ ## this is the X509v3 SubjectAlternativeName, and does only
+ ## require "SSLOptions +ExportCertData" without patching
+ ## mod_ssl -- address@concealed
+ $param->{'user'}{'email'} =
lc(Crypt::OpenSSL::X509->new_from_string($ENV{SSL_CLIENT_CERT})->email());
}
if($param->{user}{email}) {
-
[sympa-dev] X.509, with Email in SubjAltName,
Maurice Massar, 06/02/2006
- Re: [sympa-dev] X.509, with Email in SubjAltName, Olivier Salaün - CRU, 06/07/2006
Archive powered by MHonArc 2.6.19+.