* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn_rec): Map

  the _UID variable to NID_userId, where defined by OpenSSL.

PR: 45107
Submitted by: Michael Ströder <michael stroeder.com>,
     Peter Sylvester <peter.sylvester edelweb.fr>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@787683 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 0f8befba75a992d0c2ced8e1b60b28d11f3559a7..6d911b4bc804a19c5c19221f408228dd31318ec5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@ Changes with Apache 2.3.3
   *) SECURITY: CVE-2009-1191 (cve.mitre.org)
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
+ 
+  *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
+     type.  PR 45107.  [Michael Ströder <michael stroeder.com>,
+     Peter Sylvester <peter.sylvester edelweb.fr>]
 
   *) mod_proxy_http: fix case sensitivity checking transfer encoding
      PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index a4c696e7aa872508ed024e1bc394aef93ca74a73..10fd8a0e703642981edd0f8565f4b7d14b341b5e 100644 (file)
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -428,10 +428,8 @@ static const struct {
     { "G",     NID_givenName,              1 },
     { "S",     NID_surname,                1 },
     { "D",     NID_description,            1 },
-#ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
-    { "UID",   NID_x500UniqueIdentifier,   1 },
-#else /* old name, OpenSSL < 0.9.7 */
-    { "UID",   NID_uniqueIdentifier,       1 },
+#ifdef NID_userId
+    { "UID",   NID_userId,                 1 },
 #endif
     { "Email", NID_pkcs9_emailAddress,     1 },
     { NULL,    0                          }