-rw-r--r-- | README.ENV | 24 | ||||
-rw-r--r-- | src/gnutls_hooks.c | 5 |
2 files changed, 26 insertions, 3 deletions
@@ -7,15 +7,33 @@ SSL_PROTOCOL: The SSL or TLS protocol name (such as "TLS 1.0" etc.) | |||
7 | SSL_CIPHER: The SSL or TLS cipher suite name. | 7 | SSL_CIPHER: The SSL or TLS cipher suite name. |
8 | SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE) | 8 | SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE) |
9 | SSL_SRP_USER: The SRP username used for authentication. | 9 | SSL_SRP_USER: The SRP username used for authentication. |
10 | SSL_CLIENT_VERIFY: | ||
11 | whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) | ||
12 | SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher | 10 | SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher |
13 | algorithm. This does not fully reflect the security level since the size of | 11 | algorithm. This does not fully reflect the security level since the size of |
14 | RSA or DHE key exchange parameters affect the security level too. | 12 | RSA or DHE key exchange parameters affect the security level too. |
15 | SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one. | 13 | SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one. |
16 | SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during | 14 | SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during |
17 | client reloads. | 15 | client reloads. |
18 | SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired. | ||
19 | 16 | ||
17 | SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired. | ||
18 | SSL_CLIENT_V_START: The activation time of client's certificate. | ||
19 | SSL_CLIENT_V_END: The expiration time of client's certificate. | ||
20 | SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format. | ||
21 | SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format. | ||
22 | SSL_CLIENT_M_SERIAL: The serial number of the client's certificate. | ||
23 | SSL_CLIENT_M_VERSION: The version of the client's certificate. | ||
24 | SSL_CLIENT_A_SIG: The algorithm used for the signature in client's certificate. | ||
25 | SSL_CLIENT_A_KEY: The public key algorithm in client's certificate. | ||
20 | SSL_CLIENT_CERT: The PEM-encoded client certificate | 26 | SSL_CLIENT_CERT: The PEM-encoded client certificate |
27 | SSL_CLIENT_VERIFY: | ||
28 | whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) | ||
29 | |||
30 | SSL_SERVER_V_START: The activation time of server's certificate. | ||
31 | SSL_SERVER_V_END: The expiration time of server's certificate. | ||
32 | SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format. | ||
33 | SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format. | ||
34 | SSL_SERVER_M_SERIAL: The serial number of the server's certificate. | ||
35 | SSL_SERVER_M_VERSION: The version of the server's certificate. | ||
36 | SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate. | ||
37 | SSL_SERVER_A_KEY: The public key algorithm in server's certificate. | ||
38 | |||
21 | SSL_SERVER_CERT: The PEM-encoded server certificate | 39 | SSL_SERVER_CERT: The PEM-encoded server certificate |
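--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -834,6 +834,11 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side,
 apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_SERIAL", NULL),
 apr_pstrdup(r->pool, tmp));
 
+alg = gnutls_x509_crt_get_version(cert);
+if (alg > 0)
+apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL),
+apr_psprintf(r->pool, "%u", alg));
+
 tmp =
 mgs_time2sz(gnutls_x509_crt_get_expiration_time
 (cert), buf, sizeof(buf));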
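Review bot: The added `apr_psprintf(r->pool, "%u", alg)` uses an unsigned conversion for a value that comes from gnutls_x509_crt_get_version(), which returns a signed int (negative on error). If `alg` is declared `int`, which cannot be confirmed because the declaration is outside this hunk, the specifier should be `"%d"`. The `alg > 0` guard keeps the printed value correct in practice, so this is a type-match and warning-cleanliness point, not a runtime fault. Reusing a variable named `alg` for the certificate version is also misleading; a dedicated local such as `int version` would be clearer, or at least a comment like `/* alg is reused here as scratch storage for the X.509 version */`. Because mgs_add_common_cert_vars begins and ends outside the hunk, it is not visible whether the certificate has been verified at this point, so a comment noting that `*_M_VERSION` is taken from the certificate as presented, and that consumers should still check `SSL_CLIENT_VERIFY`, would help.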