From b177ea9fcc4273a2dc5962d9889de5a8c4407e09 Mon Sep 17 00:00:00 2001 From: Kaspar Brand Date: Sun, 26 Apr 2015 07:03:31 +0000 Subject: [PATCH] Merge r1650047 from trunk: Add support for extracting subjectAltName entries of type rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables. * docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the environment variables table * modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction of subjectAltName entries for the "StdEnvVars" case * modules/ssl/ssl_engine_vars.c: add support for retrieving the SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with individual on-demand lookup (ssl_var_lookup_ssl_cert_san), or with full-list extraction to the environment ("StdEnvVars") * modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype * modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where suitable. Limit SSL_X509_getSAN to the two most common subjectAltName entry types appearing in user or server certificates (i.e., rfc822Name and dNSName), for the time being. * modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8 and SSL_X509_getSAN prototypes Proposed by: kbrand Reviewed by: ylavic, druggeri git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1676087 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CHANGES b/CHANGES index 77f3f103be..204ff7f681 100644 --- a/CHANGES +++ b/CHANGES 
@@ -76,10 +76,6 @@ Changes with Apache 2.5.0 *) mod_rewrite: Improve 'bad flag delimeters' startup error by showing how the input was tokenized. PR 56528. [Edward Lu ] - *) mod_ssl: Add support for extracting subjectAltName entries of type - rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n - environment variables. Also addresses PR 57207. [Kaspar Brand] - *) mod_proxy: Don't put non balancer-member workers in error state by default for connection or 500/503 errors, and honor status=+I for any error. PR 48388. [Yann Ylavic] -- 2.40.0
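Review bot: The log message does not match the diff. It lists changes to docs/manual/mod/mod_ssl.xml and to five files under modules/ssl/, but the diffstat reads "1 file changed, 4 deletions(-)", and the only hunk (CHANGES, @@ -76,10 +76,6) removes the mod_ssl subjectAltName entry from the "Changes with Apache 2.5.0" section. Please state in the message that this commit only drops that CHANGES entry, and why it is being dropped. Otherwise anyone searching history for the SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n work or for PR 57207 lands on a commit that contains none of the code it describes. The removal also takes the only PR 57207 reference out of this section, so it is worth confirming that the entry still appears wherever the change is meant to be recorded.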