Bug 57949 - new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Summary: new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.4.12
Hardware: PC Linux
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2015-05-25 13:47 UTC by Ghetolay
Modified: 2015-05-25 13:47 UTC (History)
0 users

patch (5.66 KB, patch)
2015-05-25 13:47 UTC, Ghetolay
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ghetolay 2015-05-25 13:47:40 UTC
Created attachment 32755 [details]


I've created a new environment variable in order to test for an extended key usage into a certificate. Like clientAuth on a client certificate authentication for instance. This variable can then be used on a Require directive as follow : 

Require expr %{SSL_CLIENT_EXT_KEYUSAGE_clientAuth} == "true"

Format of the variable name is as follow : 


Where purpose is either a shortname ( serverAuth, clientAuth etc...) or an oid. Shortname are case insensitive and '.' on oid must be replace with '_'.
Here is some valid examples : 


We may improve the comparison of oid by checking each number one by one instead of converting both var (replace '_' by '.') and obj (convert into char*) and do a strcmp. But I'm not sure if openssl offers another way to get oid other than OBJ_obj2txt(). 

We may also add the export of all the purpose as variable when +StdEnvVars is set on SSLOptions.

Please feel free to give me any feedback about code, patch, documentation etc...