52553 – missing support for DirectoryString

Bug 52553 - missing support for DirectoryString

Summary: missing support for DirectoryString

Status:	RESOLVED LATER

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.0-HEAD
Hardware:	PC Linux

Importance:	P2 minor (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:	FixedInTrunk

Depends on:
Blocks:

Reported:	2012-01-29 19:08 UTC by Roumen Petrov
Modified:	2012-02-05 11:12 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Roumen Petrov 2012-01-29 19:08:02 UTC

Module use raw data for SSL_CLIENT_{S|I}_DN_x509 environment variables. 
If an certificate contain distinguished name item encoded as BMPString and universalString this item cannot be used in neither in LogFormat nor in SSLRequire.
By example such items are logged as - in log file.

Since BMPString and UniversalString are included in RFC 5280 for backward compatibility severity is set to minor.

Comment 1 Kaspar Brand 2012-02-04 08:01:36 UTC

For 2.4, this was addressed with the changes in r1054323 - see also the thread "Re: SSLRequire & UTF-8 characters & backward compatibility" on httpd-dev: 

http://mail-archives.apache.org/mod_mbox/httpd-dev/201012.mbox/%3C201012190158.28169.sf@sfritsch.de%3E

I think it's unlikely that this is ever going to be backported to 2.0.