From 0a2c453dd2f226102f11b165e34321a90d099452 Mon Sep 17 00:00:00 2001
From: Bradley Nicholes
Date: Thu, 20 Jan 2005 20:22:31 +0000
Subject: [PATCH] Recognize the new certificate formats

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125810 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_ldap.xml | 2 ++
 modules/ldap/util_ldap.c | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml
index 0f61f44044..be413596d4 100644
--- a/docs/manual/mod/mod_ldap.xml
+++ b/docs/manual/mod/mod_ldap.xml
@@ -480,8 +480,10 @@ Certificate Authority or global client certificates
  • CERT_BASE64 - PEM encoded client certificate
  • CERT_KEY3_DB - Netscape key3.db client certificate database file
  • CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)
  • +
  • CERT_PFX - PKCS#12 encoded client certificate (Novell SDK)
  • KEY_DER - binary DER encoded private key
  • KEY_BASE64 - PEM encoded private key
  • +
  • KEY_PFX - PKCS#12 encoded private key (Novell SDK)
  •
diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index 55f8b007bd..991ba89a83 100644
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -1381,6 +1381,11 @@ static const int util_ldap_parse_cert_type(const char *type) {
 return APR_LDAP_CERT_TYPE_BASE64;
 }

+ /* Client cert file in PKCS#12 format */
+ else if (0 == strcasecmp("CERT_PFX", type)) {
+ return APR_LDAP_CERT_TYPE_PFX;
+ }
+
 /* Netscape client cert database file/directory */
 else if (0 == strcasecmp("CERT_KEY3_DB", type)) {
 return APR_LDAP_CERT_TYPE_KEY3_DB;
@@ -1401,6 +1406,11 @@ static const int util_ldap_parse_cert_type(const char *type) {
 return APR_LDAP_KEY_TYPE_BASE64;
 }

+ /* Client cert key file in PKCS#12 format */
+ else if (0 == strcasecmp("KEY_PFX", type)) {
+ return APR_LDAP_KEY_TYPE_PFX;
+ }
+
 else {
 return APR_LDAP_CA_TYPE_UNKNOWN;
 }
@@ -1504,13 +1514,14 @@ static const char *util_ldap_set_trusted_client_cert(cmd_parms *cmd, void *confi
 return apr_psprintf(cmd->pool, "The certificate type \"%s\" is "
 "not recognised. It should be one "
 "of CERT_DER, CERT_BASE64, "
- "CERT_NICKNAME, "
- "KEY_DER, KEY_BASE64", type);
+ "CERT_NICKNAME, CERT_PFX,"
+ "KEY_DER, KEY_BASE64, KEY_PFX", type);
 }
 else if (APR_LDAP_CA_TYPE_DER == cert_type ||
 APR_LDAP_CA_TYPE_BASE64 == cert_type ||
 APR_LDAP_CA_TYPE_CERT7_DB == cert_type ||
 APR_LDAP_CA_TYPE_SECMOD == cert_type ||
+ APR_LDAP_CERT_TYPE_PFX == cert_type ||
 APR_LDAP_CERT_TYPE_KEY3_DB == cert_type) {
 return apr_psprintf(cmd->pool, "The certificate type \"%s\" is "
 "only valid within a "
--
2.50.1
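Review bot: In the third hunk (util_ldap_set_trusted_client_cert), the "not recognised" message now tells the administrator that CERT_PFX is an acceptable value, but the same hunk adds `APR_LDAP_CERT_TYPE_PFX == cert_type ||` to the branch directly below, which rejects the type as "only valid within a ..." (that message is cut off at the hunk end). Following the first error therefore leads straight into the second, so CERT_PFX should not be advertised in this directive's list. The two new literals also join without a space, giving "CERT_PFX,KEY_DER" in the output; I would write `"CERT_NICKNAME, "` followed by `"KEY_DER, KEY_BASE64, KEY_PFX", type);`. The function starts and ends outside the hunk.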