Bug 57949 - new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.4.12
Hardware: PC Linux
Importance: P2 enhancement
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2015-05-25 13:47 UTC by Ghetolay
Modified: 2015-05-25 13:47 UTC (History)



Attachments
patch (5.66 KB, patch)
2015-05-25 13:47 UTC, Ghetolay
Description Ghetolay 2015-05-25 13:47:40 UTC
Created attachment 32755
patch

Hi,

I've created a new environment variable in order to test for an extended key usage in a certificate, like clientAuth on a client certificate authentication, for instance. This variable can then be used in a Require directive as follows:

Require expr %{SSL_CLIENT_EXT_KEYUSAGE_clientAuth} == "true"

The format of the variable name is as follows:

SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose 

Where purpose is either a short name (serverAuth, clientAuth, etc.) or an OID. Short names are case-insensitive, and '.' in an OID must be replaced with '_'.
Here are some valid examples:

SSL_CLIENT_EXT_KEYUSAGE_clientAuth 
SSL_SERVER_EXT_KEYUSAGE_SERVERAUTH
SSL_CLIENT_EXT_KEYUSAGE_1_3_6_1_5_5_7_3_2

We may improve the comparison of OIDs by checking each number one by one instead of converting both var (replacing '_' with '.') and obj (converting into char*) and doing a strcmp. But I'm not sure if OpenSSL offers another way to get the OID other than OBJ_obj2txt().

We may also add the export of all the purposes as variables when +StdEnvVars is set in SSLOptions.

Please feel free to give me any feedback about the code, patch, documentation, etc.
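
The matching rules from the description (case-insensitive short name, or an OID written with '_' and compared number by number rather than rewritten and passed to strcmp), as an added example that is not the attached patch's code. It assumes the certificate's extended key usages are already available as dotted OID strings; `eku_has_purpose`, `oid_arcs_equal`, `ieq` and `sample_ekus` are hypothetical names.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Standard EKU short names and their OIDs (RFC 5280, section 4.2.1.12). */
static const struct { const char *sn, *oid; } eku_names[] = {
    {"serverAuth", "1.3.6.1.5.5.7.3.1"}, {"clientAuth", "1.3.6.1.5.5.7.3.2"},
    {"codeSigning", "1.3.6.1.5.5.7.3.3"}, {"emailProtection", "1.3.6.1.5.5.7.3.4"},
    {"timeStamping", "1.3.6.1.5.5.7.3.8"}, {"OCSPSigning", "1.3.6.1.5.5.7.3.9"},
};

/* ASCII case-insensitive string equality. */
static int ieq(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) a++, b++;
    return *a == *b;
}

/* Compare a purpose written with '_' separators against a dotted OID,
 * arc by arc, without building a converted copy. Returns 1 on match. */
static int oid_arcs_equal(const char *purpose, const char *dotted)
{
    for (;;) {
        char *pe, *de;
        if (!isdigit((unsigned char)*purpose) || !isdigit((unsigned char)*dotted))
            return 0;                     /* empty arc or non-numeric input */
        errno = 0;
        unsigned long a = strtoul(purpose, &pe, 10);
        unsigned long b = strtoul(dotted, &de, 10);
        if (errno == ERANGE || a != b) return 0;  /* oversized arcs are rejected */
        if (*pe == '\0' || *de == '\0') return *pe == *de;  /* must end together */
        if (*pe != '_' || *de != '.') return 0;
        purpose = pe + 1, dotted = de + 1;
    }
}

/* Hypothetical helper: does the certificate's EKU list (dotted OID strings)
 * contain the purpose named in the variable suffix? */
int eku_has_purpose(const char *purpose, const char *const *cert_ekus, size_t n)
{
    const char *want = NULL;
    for (size_t i = 0; i < sizeof eku_names / sizeof eku_names[0]; i++)
        if (ieq(purpose, eku_names[i].sn)) want = eku_names[i].oid;
    for (size_t i = 0; i < n; i++)
        if (want ? !strcmp(want, cert_ekus[i]) : oid_arcs_equal(purpose, cert_ekus[i]))
            return 1;
    return 0;
}
/* Constructed sample: EKU list of a certificate valid for clientAuth only. */
const char *const sample_ekus[] = { "1.3.6.1.5.5.7.3.2" };
```

A suffix that is only a prefix of the certificate's OID, or that carries an extra arc or trailing separator, does not match, so the Require expression fails closed on malformed names.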