aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--README.ENV8
-rw-r--r--src/gnutls_hooks.c12
2 files changed, 12 insertions, 8 deletions
diff --git a/README.ENV b/README.ENV
index c055dfe..34dbcf6 100644
--- a/README.ENV
+++ b/README.ENV
@@ -19,7 +19,7 @@ SSL_CLIENT_V_START: The activation time of client's certificate.
19SSL_CLIENT_V_END: The expiration time of client's certificate. 19SSL_CLIENT_V_END: The expiration time of client's certificate.
20SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format. 20SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format.
21SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format. 21SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format.
22SSL_CLIENT_S_SAN%: These will contain the alternative names of the client certificate 22SSL_CLIENT_S_AN%: These will contain the alternative names of the client certificate
23 (% is a number starting from zero). The values will be prepended by "DNSNAME:", 23 (% is a number starting from zero). The values will be prepended by "DNSNAME:",
24 "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value 24 "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value
25 "UNSUPPORTED" will be set. 25 "UNSUPPORTED" will be set.
@@ -30,13 +30,13 @@ SSL_CLIENT_A_KEY: The public key algorithm in client's certificate.
30SSL_CLIENT_CERT: The PEM-encoded client certificate 30SSL_CLIENT_CERT: The PEM-encoded client certificate
31SSL_CLIENT_VERIFY: 31SSL_CLIENT_VERIFY:
32 whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) 32 whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED)
33SSL_CLIENT_S_TYPE: The certificate type can be X.509 or OPENPGP. 33SSL_CLIENT_CERT_TYPE: The certificate type can be X.509 or OPENPGP.
34 34
35SSL_SERVER_V_START: The activation time of server's certificate. 35SSL_SERVER_V_START: The activation time of server's certificate.
36SSL_SERVER_V_END: The expiration time of server's certificate. 36SSL_SERVER_V_END: The expiration time of server's certificate.
37SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format. 37SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format.
38SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format. 38SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format.
39SSL_SERVER_S_SAN%: These will contain the alternative names of the server certificate 39SSL_SERVER_S_AN%: These will contain the alternative names of the server certificate
40 (% is a number starting from zero). The values will be prepended by "DNSNAME:", 40 (% is a number starting from zero). The values will be prepended by "DNSNAME:",
41 "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value 41 "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value
42 "UNSUPPORTED" will be set. 42 "UNSUPPORTED" will be set.
@@ -45,5 +45,5 @@ SSL_SERVER_M_VERSION: The version of the server's certificate.
45SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate. 45SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate.
46SSL_SERVER_A_KEY: The public key algorithm in server's certificate. 46SSL_SERVER_A_KEY: The public key algorithm in server's certificate.
47SSL_SERVER_CERT: The PEM-encoded server certificate 47SSL_SERVER_CERT: The PEM-encoded server certificate
48SSL_SERVER_S_TYPE: The certificate type can be X.509 or OPENPGP. 48SSL_SERVER_CERT_TYPE: The certificate type can be X.509 or OPENPGP.
49 49
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 15b66fa..44b2bc1 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -793,7 +793,11 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side,
793 apr_psprintf(r->pool, "%u", ret)); 793 apr_psprintf(r->pool, "%u", ret));
794 794
795 apr_table_setn(env, 795 apr_table_setn(env,
796 apr_pstrcat(r->pool, MGS_SIDE, "_CERT_TYPE", NULL), "X.509");
797#ifdef COMPAT
798 apr_table_setn(env,
796 apr_pstrcat(r->pool, MGS_SIDE, "_S_TYPE", NULL), "X.509"); 799 apr_pstrcat(r->pool, MGS_SIDE, "_S_TYPE", NULL), "X.509");
800#endif
797 801
798 tmp = 802 tmp =
799 mgs_time2sz(gnutls_x509_crt_get_expiration_time 803 mgs_time2sz(gnutls_x509_crt_get_expiration_time
@@ -835,19 +839,19 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side,
835 839
836 if (ret == GNUTLS_SAN_DNSNAME) { 840 if (ret == GNUTLS_SAN_DNSNAME) {
837 apr_table_setn(env, 841 apr_table_setn(env,
838 apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), 842 apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i),
839 apr_psprintf(r->pool, "DNSNAME:%s", tmp2)); 843 apr_psprintf(r->pool, "DNSNAME:%s", tmp2));
840 } else if (ret == GNUTLS_SAN_RFC822NAME) { 844 } else if (ret == GNUTLS_SAN_RFC822NAME) {
841 apr_table_setn(env, 845 apr_table_setn(env,
842 apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), 846 apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i),
843 apr_psprintf(r->pool, "RFC822NAME:%s", tmp2)); 847 apr_psprintf(r->pool, "RFC822NAME:%s", tmp2));
844 } else if (ret == GNUTLS_SAN_URI) { 848 } else if (ret == GNUTLS_SAN_URI) {
845 apr_table_setn(env, 849 apr_table_setn(env,
846 apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), 850 apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i),
847 apr_psprintf(r->pool, "URI:%s", tmp2)); 851 apr_psprintf(r->pool, "URI:%s", tmp2));
848 } else { 852 } else {
849 apr_table_setn(env, 853 apr_table_setn(env,
850 apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), 854 apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i),
851 "UNSUPPORTED"); 855 "UNSUPPORTED");
852 } 856 }
853 } 857 }
generated by cgit (git 2.34.1) at 2024-11-26 22:02:21 +0000