From 25dad18080752b23f13044771b42862a36856d46 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 10 Dec 2007 22:49:20 +0000 Subject: --- README.ENV | 8 ++++---- src/gnutls_hooks.c | 12 ++++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/README.ENV b/README.ENV index c055dfe..34dbcf6 100644 --- a/README.ENV +++ b/README.ENV @@ -19,7 +19,7 @@ SSL_CLIENT_V_START: The activation time of client's certificate. SSL_CLIENT_V_END: The expiration time of client's certificate. SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format. SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format. -SSL_CLIENT_S_SAN%: These will contain the alternative names of the client certificate +SSL_CLIENT_S_AN%: These will contain the alternative names of the client certificate (% is a number starting from zero). The values will be prepended by "DNSNAME:", "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value "UNSUPPORTED" will be set. @@ -30,13 +30,13 @@ SSL_CLIENT_A_KEY: The public key algorithm in client's certificate. SSL_CLIENT_CERT: The PEM-encoded client certificate SSL_CLIENT_VERIFY: whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) -SSL_CLIENT_S_TYPE: The certificate type can be X.509 or OPENPGP. +SSL_CLIENT_CERT_TYPE: The certificate type can be X.509 or OPENPGP. SSL_SERVER_V_START: The activation time of server's certificate. SSL_SERVER_V_END: The expiration time of server's certificate. SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format. SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format. -SSL_SERVER_S_SAN%: These will contain the alternative names of the server certificate +SSL_SERVER_S_AN%: These will contain the alternative names of the server certificate (% is a number starting from zero). The values will be prepended by "DNSNAME:", "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value "UNSUPPORTED" will be set. @@ -45,5 +45,5 @@ SSL_SERVER_M_VERSION: The version of the server's certificate. SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate. SSL_SERVER_A_KEY: The public key algorithm in server's certificate. SSL_SERVER_CERT: The PEM-encoded server certificate -SSL_SERVER_S_TYPE: The certificate type can be X.509 or OPENPGP. +SSL_SERVER_CERT_TYPE: The certificate type can be X.509 or OPENPGP. diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 15b66fa..44b2bc1 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -792,8 +792,12 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL), apr_psprintf(r->pool, "%u", ret)); + apr_table_setn(env, + apr_pstrcat(r->pool, MGS_SIDE, "_CERT_TYPE", NULL), "X.509"); +#ifdef COMPAT apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_S_TYPE", NULL), "X.509"); +#endif tmp = mgs_time2sz(gnutls_x509_crt_get_expiration_time @@ -835,19 +839,19 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side, if (ret == GNUTLS_SAN_DNSNAME) { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), apr_psprintf(r->pool, "DNSNAME:%s", tmp2)); } else if (ret == GNUTLS_SAN_RFC822NAME) { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), apr_psprintf(r->pool, "RFC822NAME:%s", tmp2)); } else if (ret == GNUTLS_SAN_URI) { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), apr_psprintf(r->pool, "URI:%s", tmp2)); } else { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), "UNSUPPORTED"); } } -- cgit