Lines 88-94
compatibility variables.</p>
Link Here
|
88 |
<tr><td><code>SSL_CLIENT_CERT_CHAIN_</code><em>n</em></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr> |
88 |
<tr><td><code>SSL_CLIENT_CERT_CHAIN_</code><em>n</em></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr> |
89 |
<tr><td><code>SSL_CLIENT_CERT_RFC4523_CEA</code></td> <td>string</td> <td>Serial number and issuer of the certificate. The format matches that of the CertificateExactAssertion in RFC4523</td></tr> |
89 |
<tr><td><code>SSL_CLIENT_CERT_RFC4523_CEA</code></td> <td>string</td> <td>Serial number and issuer of the certificate. The format matches that of the CertificateExactAssertion in RFC4523</td></tr> |
90 |
<tr><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><code>NONE</code>, <code>SUCCESS</code>, <code>GENEROUS</code> or <code>FAILED:</code><em>reason</em></td></tr> |
90 |
<tr><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><code>NONE</code>, <code>SUCCESS</code>, <code>GENEROUS</code> or <code>FAILED:</code><em>reason</em></td></tr> |
91 |
<tr><td><code>SSL_CLIENT_EXT_KEYUSAGE_</code><em>purpose</em></td> <td>string</td> <td><code>true</code> if certificate has the corresponding <em>purpose</em> otherwise <code>false</code>.</td></tr> |
|
|
92 |
<tr><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr> |
91 |
<tr><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr> |
93 |
<tr><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr> |
92 |
<tr><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr> |
94 |
<tr><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr> |
93 |
<tr><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr> |
Lines 102-108
compatibility variables.</p>
Link Here
|
102 |
<tr><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr> |
101 |
<tr><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr> |
103 |
<tr><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr> |
102 |
<tr><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr> |
104 |
<tr><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr> |
103 |
<tr><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr> |
105 |
<tr><td><code>SSL_SERVER_EXT_KEYUSAGE_</code><em>purpose</em></td> <td>string</td> <td><code>true</code> if certificate has the corresponding <em>purpose</em> otherwise <code>false</code>.</td></tr> |
|
|
106 |
<tr><td><code>SSL_SRP_USER</code></td> <td>string</td> <td>SRP username</td></tr> |
104 |
<tr><td><code>SSL_SRP_USER</code></td> <td>string</td> <td>SRP username</td></tr> |
107 |
<tr><td><code>SSL_SRP_USERINFO</code></td> <td>string</td> <td>SRP user info</td></tr> |
105 |
<tr><td><code>SSL_SRP_USERINFO</code></td> <td>string</td> <td>SRP user info</td></tr> |
108 |
<tr><td><code>SSL_TLS_SNI</code></td> <td>string</td> <td>Contents of the SNI TLS extension (if supplied with ClientHello)</td></tr> |
106 |
<tr><td><code>SSL_TLS_SNI</code></td> <td>string</td> <td>Contents of the SNI TLS extension (if supplied with ClientHello)</td></tr> |
Lines 125-141
the <directive module="mod_ssl">SSLOptions</directive> directive, the
Link Here
|
125 |
first (or only) attribute of any DN is added only under a non-suffixed |
123 |
first (or only) attribute of any DN is added only under a non-suffixed |
126 |
name; i.e. no <code>_0</code> suffixed entries are added.</p> |
124 |
name; i.e. no <code>_0</code> suffixed entries are added.</p> |
127 |
|
125 |
|
128 |
<p><em>purpose</em> specifies an extended key usage value either as a |
|
|
129 |
shortname or as an oid. Shortname are case insensitive. Since dots aren't |
130 |
permit on variable name if <em>purpose</em> define an oid all <code>'.'</code> should |
131 |
be replace with <code>'_'</code>. Theses are all valid values : |
132 |
<code>SSL_CLIENT_EXT_KEYUSAGE_clientAuth</code>, |
133 |
<code>SSL_CLIENT_EXT_KEYUSAGE_CLIENTAUTH</code>, |
134 |
<code>SSL_CLIENT_EXT_KEYUSAGE_1_3_6_1_5_5_7_3_2</code>. RFC5280 stipulate |
135 |
that <em>extended key usage extension</em> must be consistent with |
136 |
<em>key usage extension</em> but no check of such are done here. |
137 |
</p> |
138 |
|
139 |
<p>The format of the <em>*_DN</em> variables has changed in Apache HTTPD |
126 |
<p>The format of the <em>*_DN</em> variables has changed in Apache HTTPD |
140 |
2.3.11. See the <code>LegacyDNStringFormat</code> option for |
127 |
2.3.11. See the <code>LegacyDNStringFormat</code> option for |
141 |
<directive module="mod_ssl">SSLOptions</directive> for details.</p> |
128 |
<directive module="mod_ssl">SSLOptions</directive> for details.</p> |