| -rw-r--r-- | README.ENV | 24 | ||||
| -rw-r--r-- | src/gnutls_hooks.c | 5 | 
2 files changed, 26 insertions, 3 deletions
| @@ -7,15 +7,33 @@ SSL_PROTOCOL: The SSL or TLS protocol name (such as "TLS 1.0" etc.) | |||
| 7 | SSL_CIPHER: The SSL or TLS cipher suite name. | 7 | SSL_CIPHER: The SSL or TLS cipher suite name. | 
| 8 | SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE) | 8 | SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE) | 
| 9 | SSL_SRP_USER: The SRP username used for authentication. | 9 | SSL_SRP_USER: The SRP username used for authentication. | 
| 10 | SSL_CLIENT_VERIFY: | ||
| 11 | whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) | ||
| 12 | SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher | 10 | SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher | 
| 13 | algorithm. This does not fully reflect the security level since the size of | 11 | algorithm. This does not fully reflect the security level since the size of | 
| 14 | RSA or DHE key exchange parameters affect the security level too. | 12 | RSA or DHE key exchange parameters affect the security level too. | 
| 15 | SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one. | 13 | SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one. | 
| 16 | SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during | 14 | SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during | 
| 17 | client reloads. | 15 | client reloads. | 
| 18 | SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired. | ||
| 19 | 16 | ||
| 17 | SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired. | ||
| 18 | SSL_CLIENT_V_START: The activation time of client's certificate. | ||
| 19 | SSL_CLIENT_V_END: The expiration time of client's certificate. | ||
| 20 | SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format. | ||
| 21 | SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format. | ||
| 22 | SSL_CLIENT_M_SERIAL: The serial number of the client's certificate. | ||
| 23 | SSL_CLIENT_M_VERSION: The version of the client's certificate. | ||
| 24 | SSL_CLIENT_A_SIG: The algorithm used for the signature in client's certificate. | ||
| 25 | SSL_CLIENT_A_KEY: The public key algorithm in client's certificate. | ||
| 20 | SSL_CLIENT_CERT: The PEM-encoded client certificate | 26 | SSL_CLIENT_CERT: The PEM-encoded client certificate | 
| 27 | SSL_CLIENT_VERIFY: | ||
| 28 | whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) | ||
| 29 | |||
| 30 | SSL_SERVER_V_START: The activation time of server's certificate. | ||
| 31 | SSL_SERVER_V_END: The expiration time of server's certificate. | ||
| 32 | SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format. | ||
| 33 | SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format. | ||
| 34 | SSL_SERVER_M_SERIAL: The serial number of the server's certificate. | ||
| 35 | SSL_SERVER_M_VERSION: The version of the server's certificate. | ||
| 36 | SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate. | ||
| 37 | SSL_SERVER_A_KEY: The public key algorithm in server's certificate. | ||
| 38 | |||
| 21 | SSL_SERVER_CERT: The PEM-encoded server certificate | 39 | SSL_SERVER_CERT: The PEM-encoded server certificate | 
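--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -834,6 +834,11 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side,
 apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_SERIAL", NULL),
 apr_pstrdup(r->pool, tmp));
 
+alg = gnutls_x509_crt_get_version(cert);
+if (alg > 0)
+apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL),
+apr_psprintf(r->pool, "%u", alg));
+
 tmp =
 mgs_time2sz(gnutls_x509_crt_get_expiration_time
 (cert), buf, sizeof(buf));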
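Review bot: The new `_M_VERSION` block stores the certificate version in `alg` and formats it with `%u`, but `gnutls_x509_crt_get_version()` returns a signed int (negative on error). The declaration of `alg` is outside the hunk; if it is a plain `int`, the specifier should match, as in `apr_psprintf(r->pool, "%d", alg)`. Reusing a variable named for an algorithm id to hold a version is also easy to misread, so a dedicated `int version` would be clearer. A short comment such as `/* on error the variable is left unset; consumers must treat a missing *_M_VERSION as unknown */` would document the silent skip when the call fails. The body of `mgs_add_common_cert_vars` starts and ends outside this hunk.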
