From ee65fcb2aaa2d599d13864090f6e567cdc91a9b0 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sun, 2 Dec 2007 09:05:52 +0000
Subject: added SSL_SERVER_M_SERIAL environment variable
---
 README.ENV | 24 ++++++++++++++++++++++++---
 src/gnutls_hooks.c | 5 +++++
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/README.ENV b/README.ENV
index 828e68e..b18e4d1 100644
--- a/README.ENV
+++ b/README.ENV
@@ -7,15 +7,33 @@ SSL_PROTOCOL: The SSL or TLS protocol name (such as "TLS 1.0" etc.) SSL_CIPHER: The SSL or TLS cipher suite name. SSL_COMPRESS_METHOD: The negotiated compression method (NULL or DEFLATE) SSL_SRP_USER: The SRP username used for authentication. -SSL_CLIENT_VERIFY: - whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE: The number if bits used in the used cipher algorithm. This does not fully reflect the security level since the size of RSA or DHE key exchange parameters affect the security level too. SSL_CIPHER_EXPORT: true or false. Whether the cipher suite negotiated is an export one. SSL_SESSION_ID: The session ID negotiated in this session. Can be the same during client reloads. -SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired. +SSL_CLIENT_V_REMAIN: The number of days until the client's certificate is expired. +SSL_CLIENT_V_START: The activation time of client's certificate. +SSL_CLIENT_V_END: The expiration time of client's certificate. +SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format. +SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format. +SSL_CLIENT_M_SERIAL: The serial number of the client's certificate. +SSL_CLIENT_M_VERSION: The version of the client's certificate. +SSL_CLIENT_A_SIG: The algorithm used for the signature in client's certificate. +SSL_CLIENT_A_KEY: The public key algorithm in client's certificate. SSL_CLIENT_CERT: The PEM-encoded client certificate +SSL_CLIENT_VERIFY: + whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) + +SSL_SERVER_V_START: The activation time of server's certificate. +SSL_SERVER_V_END: The expiration time of server's certificate. +SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format. 
+SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format. +SSL_SERVER_M_SERIAL: The serial number of the server's certificate. +SSL_SERVER_M_VERSION: The version of the server's certificate. +SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate. +SSL_SERVER_A_KEY: The public key algorithm in server's certificate. + SSL_SERVER_CERT: The PEM-encoded server certificate diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index e20592b..e89c7f0 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -834,6 +834,11 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side, apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_SERIAL", NULL), apr_pstrdup(r->pool, tmp)); + alg = gnutls_x509_crt_get_version(cert); + if (alg > 0) + apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL), + apr_psprintf(r->pool, "%u", alg)); + tmp = mgs_time2sz(gnutls_x509_crt_get_expiration_time (cert), buf, sizeof(buf)); -- cgit
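Review bot: The added `_M_VERSION` block stores the result of gnutls_x509_crt_get_version() in `alg` and formats it with `%u`. The declaration of `alg` is outside the hunk, but the call returns a signed int (negative on error), so if `alg` is an `int` the conversion should be `%d`, ideally with a dedicated `int version` local so the algorithm variable is not reused for an unrelated value. The two-line body of `if (alg > 0)` should be braced, since an unbraced multi-line call is easy to break in a later edit. When the call fails the variable is silently left unset; a comment such as `/* _M_VERSION is omitted when the version cannot be read; consumers must treat absence as unknown, not as a default */` would help scripts that make access decisions from these variables. mgs_add_common_cert_vars starts and ends outside the hunk.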