Some changes in mod_ssl API

Some changes in mod_ssl API

am 21.01.2006 19:43:40 von shetuhin

Hello!

I think is good idea to enable common work of two these options:

SSLOptions +FakeBasicAuth
and
SSLUserName

When we enable FakeBasicAuth option, we take username
not "user", but "/C=RU/ST=-/L=Moscow/O=example.com/OU=Example/CN=user/emailA ddress=user@example.com"

This is in some cases inconveniently -- if we use, for
example, Subversion VCS and make user authentication via certificate
we take "strange" commiter's usename.

I suggest to make some changes in mod_ssl module to allow set username as
a part of Subject of the Client's X509 Certificate.

For example, if SSLUserName is set to SSL_CLIENT_S_DN_CN, faked username is "user".

Please look on these patches:

For Apache 1.3
http://reki.ru/products/mod_ssl/mod_ssl-2.8.25-1.3.34-Userna me-patch

and

For Apache 2
http://reki.ru/products/subversion/patch-server-ssl_engine_k ernel.c

--
With best regards, Andrei.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org