added SSL_SERVER_M_SERIAL environment variable

author: Nokis Mavrogiannopoulos 2007-12-02 09:05:52 +0000
committer: Nokis Mavrogiannopoulos 2007-12-02 09:05:52 +0000
commit: 11826a606e9aa9a257e30515f41a41c80665081a (patch)
tree: e609a5c0d9722e01bbfde74aae306c0d7f304d45
parent: 3ce85fd536b52f0e04e86451215cdf01ffa22f6b (diff)
2 files changed, 26 insertions, 3 deletions
diff --git a/README.ENV b/README.ENV
index 828e68e..b18e4d1 100644
--- a/README.ENV
+++ b/README.ENV
@@ -7,15 +7,33 @@ SSL_PROTOCOL: The SSL or TLS protocol name (such as "TLS 1.0" etc.)
 SSL_CIPHER: The SSL or TLS cipher suite name.
 SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE)
 SSL_SRP_USER: The SRP username used for authentication.
-SSL_CLIENT_VERIFY: 
-  whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED)
 SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher
  algorithm. This does not fully reflect the security level since the size of 
  RSA or DHE key exchange parameters affect the security level too.
 SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one.
 SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during
  client reloads.
-SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired.
+SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired.
+SSL_CLIENT_V_START: The activation time of client's certificate.
+SSL_CLIENT_V_END: The expiration time of client's certificate.
+SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format.
+SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format.
+SSL_CLIENT_M_SERIAL: The serial number of the client's certificate.
+SSL_CLIENT_M_VERSION: The version of the client's certificate.
+SSL_CLIENT_A_SIG: The algorithm used for the signature in client's certificate.
+SSL_CLIENT_A_KEY: The public key algorithm in client's certificate.
 SSL_CLIENT_CERT: The PEM-encoded client certificate
+SSL_CLIENT_VERIFY: 
+  whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED)
+SSL_SERVER_V_START: The activation time of server's certificate.
+SSL_SERVER_V_END: The expiration time of server's certificate.
+SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format.
+SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format.
+SSL_SERVER_M_SERIAL: The serial number of the server's certificate.
+SSL_SERVER_M_VERSION: The version of the server's certificate.
+SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate.
+SSL_SERVER_A_KEY: The public key algorithm in server's certificate.
 SSL_SERVER_CERT: The PEM-encoded server certificate
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index e20592b..e89c7f0 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -834,6 +834,11 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side,
    apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_SERIAL", NULL),
                   apr_pstrdup(r->pool, tmp));
+    alg = gnutls_x509_crt_get_version(cert);
+    if (alg > 0)
+      apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL),
+                   apr_psprintf(r->pool, "%u", alg));
    tmp =
        mgs_time2sz(gnutls_x509_crt_get_expiration_time
                    (cert), buf, sizeof(buf));
author	Nokis Mavrogiannopoulos	2007-12-02 09:05:52 +0000
committer	Nokis Mavrogiannopoulos	2007-12-02 09:05:52 +0000
commit	11826a606e9aa9a257e30515f41a41c80665081a (patch)
tree	e609a5c0d9722e01bbfde74aae306c0d7f304d45
parent	3ce85fd536b52f0e04e86451215cdf01ffa22f6b (diff)

diff --git a/README.ENV b/README.ENV index 828e68e..b18e4d1 100644 --- a/README.ENV +++ b/README.ENV
@@ -7,15 +7,33 @@ SSL_PROTOCOL: The SSL or TLS protocol name (such as "TLS 1.0" etc.)
7	SSL_CIPHER: The SSL or TLS cipher suite name.	7	SSL_CIPHER: The SSL or TLS cipher suite name.
8	SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE)	8	SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE)
9	SSL_SRP_USER: The SRP username used for authentication.	9	SSL_SRP_USER: The SRP username used for authentication.
10	SSL_CLIENT_VERIFY:
11	whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED)
12	SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher	10	SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher
13	algorithm. This does not fully reflect the security level since the size of	11	algorithm. This does not fully reflect the security level since the size of
14	RSA or DHE key exchange parameters affect the security level too.	12	RSA or DHE key exchange parameters affect the security level too.
15	SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one.	13	SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one.
16	SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during	14	SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during
17	client reloads.	15	client reloads.
18	SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired.
19		16
		17	SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired.
		18	SSL_CLIENT_V_START: The activation time of client's certificate.
		19	SSL_CLIENT_V_END: The expiration time of client's certificate.
		20	SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format.
		21	SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format.
		22	SSL_CLIENT_M_SERIAL: The serial number of the client's certificate.
		23	SSL_CLIENT_M_VERSION: The version of the client's certificate.
		24	SSL_CLIENT_A_SIG: The algorithm used for the signature in client's certificate.
		25	SSL_CLIENT_A_KEY: The public key algorithm in client's certificate.
20	SSL_CLIENT_CERT: The PEM-encoded client certificate	26	SSL_CLIENT_CERT: The PEM-encoded client certificate
		27	SSL_CLIENT_VERIFY:
		28	whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED)
		29
		30	SSL_SERVER_V_START: The activation time of server's certificate.
		31	SSL_SERVER_V_END: The expiration time of server's certificate.
		32	SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format.
		33	SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format.
		34	SSL_SERVER_M_SERIAL: The serial number of the server's certificate.
		35	SSL_SERVER_M_VERSION: The version of the server's certificate.
		36	SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate.
		37	SSL_SERVER_A_KEY: The public key algorithm in server's certificate.
		38
21	SSL_SERVER_CERT: The PEM-encoded server certificate	39	SSL_SERVER_CERT: The PEM-encoded server certificate


diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index e20592b..e89c7f0 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c
@@ -834,6 +834,11 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side,
834	apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_SERIAL", NULL),	834	apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_SERIAL", NULL),
835	apr_pstrdup(r->pool, tmp));	835	apr_pstrdup(r->pool, tmp));
836		836
		837	alg = gnutls_x509_crt_get_version(cert);
		838	if (alg > 0)
		839	apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL),
		840	apr_psprintf(r->pool, "%u", alg));
		841
837	tmp =	842	tmp =
838	mgs_time2sz(gnutls_x509_crt_get_expiration_time	843	mgs_time2sz(gnutls_x509_crt_get_expiration_time
839	(cert), buf, sizeof(buf));	844	(cert), buf, sizeof(buf));