Bug 56102 - SSL_CLIENT_S_DN_x509_0 is undefined in the environment table
Summary: SSL_CLIENT_S_DN_x509_0 is undefined in the environment table
Status: RESOLVED WONTFIX
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.4.6
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-03 12:06 UTC by Willy Weisz
Modified: 2018-11-09 16:41 UTC (History)
1 user (show)


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Willy Weisz 2014-02-03 12:06:54 UTC 
According to the description for mod_ssl multiple occurrences of x509 components are returned with a "_n" suffix, with n starting at 0. The description also explicitly states that both forms ..._x509 and ..._x509_0 return the same value, the first ..._x509 attribute value.
My issue was that SSL_CLIENT_S_DN_OU returned the correct value, but SSL_CLIENT_S_DN_OU_0 was undefined.
Providing ..._x509_0 provides allows to write compact code when scanning through multiple same name attributes, whereas the present situation forces one to single out the first component.
Comment 1 Willy Weisz 2014-02-13 16:19:42 UTC 
Sorry: The description of mod_ssl is correct in that it says that no _0 variable is available in the environment table. But the fact remains that apache scripts (e.g. in PHP) can't access a variable _0, contrary to what apache itself can do in its configuration files (e.g. in requirement statements).
Comment 2 Joe Orton 2014-02-14 11:11:42 UTC 
It would be expensive to have mod_ssl export all the DN components.  If the problem here is specifically with PHP, the right thing to do is to create a hook in the mod_php SAPI so it can make ssl_var_lookup() available to PHP scripts directly - that should be very very simple.
Comment 3 Joe Orton 2014-02-14 11:12:25 UTC 
^ export all the DN components *twice*.