From: Joe Orton <jorton@apache.org>
Date: Sat, 28 Feb 2004 22:56:01 +0000 (+0000)
Subject: * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): For a DN
X-Git-Tag: pre_ajp_proxy~607
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=eb78a22c8568145b23cc5bf091e34631bbb29511;p=apache

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): For a DN
which includes several RDNs with the same OID, allow lookup of any
particular RDN using an "_<n>" suffix on the name.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102813 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 6a5013f21d..666de3f014 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -373,16 +373,27 @@ static const struct {
 
 static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var)
 {
-    char *result;
+    char *result, *ptr;
     X509_NAME_ENTRY *xsne;
-    int i, j, n;
+    int i, j, n, idx = 0;
     unsigned char *data_ptr;
     int data_len;
+    apr_size_t varlen;
+
+    /* if an _N suffix is used, find the Nth attribute of given name */
+    ptr = strchr(var, '_');
+    if (ptr != NULL && strspn(ptr + 1, "0123456789") == strlen(ptr + 1)) {
+        idx = atoi(ptr + 1);
+        varlen = ptr - var;
+    } else {
+        varlen = strlen(var);
+    }
 
     result = NULL;
 
     for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) {
-        if (strEQ(var, ssl_var_lookup_ssl_cert_dn_rec[i].name)) {
+        if (strEQn(var, ssl_var_lookup_ssl_cert_dn_rec[i].name, varlen)
+            && strlen(ssl_var_lookup_ssl_cert_dn_rec[i].name) == varlen) {
             for (j = 0; j < sk_X509_NAME_ENTRY_num((STACK_OF(X509_NAME_ENTRY) *)
                                                  X509_NAME_get_entries(xsname));
                  j++) {
@@ -393,7 +404,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *
                 data_ptr = X509_NAME_ENTRY_get_data_ptr(xsne);
                 data_len = X509_NAME_ENTRY_get_data_len(xsne);
 
-                if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) {
+                if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) {
                     result = apr_palloc(p, data_len+1);
                     apr_cpystrn(result, (char *)data_ptr, data_len+1);
 #ifdef CHARSET_EBCDIC