66481 – SSL_CLIENT_SAN_Email (without _n) doesn't work

Bug 66481 - SSL_CLIENT_SAN_Email (without _n) doesn't work

Summary: SSL_CLIENT_SAN_Email (without _n) doesn't work

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.4.54
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-20 03:55 UTC by Christoph Anton Mitterer
Modified:	2023-02-20 03:55 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christoph Anton Mitterer 2023-02-20 03:55:33 UTC

Hey.

According to mod_ssl documentation:
" A variable name without a _n suffix is equivalent to that name with a _0 suffix; the first (or only) attribute."

However, I just tried using:
   AuthBasicFake "%{SSL_CLIENT_SAN_Email}"

and that gives:
[Mon Feb 20 04:49:13.142014 2023] [auth_basic:info] [pid 1223951:tid 140675291371264] [client 91.7.31.63:57882] AH02458: AuthBasicFake: empty username expression for URI '/grafana/login', ignoring

errors.

Using the very same cert, but with an appended "_0" to the variable makes it work.


Cheers,
Chris.