You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rüdiger Plüm <r....@gmx.de> on 2011/01/02 17:58:16 UTC

Re: svn commit: r1054323 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml docs/manual/upgrading.xml modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c modules/ssl/ssl_util_ssl.h


On 01/02/2011 12:56 AM, sf@apache.org wrote:
> Author: sf
> Date: Sat Jan  1 23:56:24 2011
> New Revision: 1054323
> 
> URL: http://svn.apache.org/viewvc?rev=1054323&view=rev
> Log:
> Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
> to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and 
> escape other special characters with backslashes. The old format can
> still be used with the LegacyDNStringFormat argument to SSLOptions.
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
>     httpd/httpd/trunk/docs/manual/upgrading.xml
>     httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
>     httpd/httpd/trunk/modules/ssl/ssl_private.h
>     httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
>     httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h

> Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1054323&r1=1054322&r2=1054323&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat Jan  1 23:56:24 2011
> @@ -344,14 +344,32 @@ BOOL SSL_X509_getBC(X509 *cert, int *ca,
>  #endif
>  }
>  
> +/* convert a NAME_ENTRY to UTF8 string */
> +char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne)
> +{
> +    char *result = NULL;
> +    BIO* bio;
> +    int len;
> +
> +    if ((bio = BIO_new(BIO_s_mem())) == NULL)
> +        return NULL;
> +    ASN1_STRING_print_ex(bio, X509_NAME_ENTRY_get_data(xsne),
> +                         ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_UTF8_CONVERT);
> +    len = BIO_pending(bio);
> +    result = apr_palloc(p, len+1);
> +    len = BIO_read(bio, result, len);
> +    result[len] = NUL;
> +    BIO_free(bio);
> +    ap_xlate_proto_from_ascii(value, len);

Shouldn't that be ap_xlate_proto_from_ascii(result, len); instead?

Regards

Rüdiger

Re: svn commit: r1054323 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml docs/manual/upgrading.xml modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c modules/ssl/ssl_util_ssl.h

Posted by Kaspar Brand <ht...@velox.ch>.

On 02.01.2011 19:35, Stefan Fritsch wrote:
> On Sunday 02 January 2011, Rüdiger Plüm wrote:
>>> Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
>>> URL:
>>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_u
>>> til_ssl.c?rev=1054323&r1=1054322&r2=1054323&view=diff
>>> ================================================================
>>> ============== --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
>>> (original) +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat
>>> Jan  1 23:56:24 2011 @@ -344,14 +344,32 @@ BOOL
>>> SSL_X509_getBC(X509 *cert, int *ca,
>>>
>>>  #endif
>>>  }
>>>
>>> +/* convert a NAME_ENTRY to UTF8 string */
>>> +char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p,
>>> X509_NAME_ENTRY *xsne) +{
>>> +    char *result = NULL;
>>> +    BIO* bio;
>>> +    int len;
>>> +
>>> +    if ((bio = BIO_new(BIO_s_mem())) == NULL)
>>> +        return NULL;
>>> +    ASN1_STRING_print_ex(bio, X509_NAME_ENTRY_get_data(xsne),
>>> +                        
>>> ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_UTF8_CONVERT); +    len =
>>> BIO_pending(bio);
>>> +    result = apr_palloc(p, len+1);
>>> +    len = BIO_read(bio, result, len);
>>> +    result[len] = NUL;
>>> +    BIO_free(bio);
>>> +    ap_xlate_proto_from_ascii(value, len);
>>
>> Shouldn't that be ap_xlate_proto_from_ascii(result, len); instead?
> 
> Of course, thanks. Fixed in r1054453.

I would suggest to drop the ap_xlate_proto_from_ascii line completely,
for several reasons: "result" is now a UTF-8 encoded string (i.e., might
well include non-ASCII characters, differently encoded than ISO-8859-1),
ap_xlate_proto_from_ascii is a NOOP for non-EBCDIC platforms, and third,
on EBCDIC platforms, ap_xlate_proto_from_ascii simply does nothing (it
calls apr_xlate_conv_buffer, which returns APR_ENOTIMPL, even in current
versions of APR-util, IIMN).

Kaspar

Re: svn commit: r1054323 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml docs/manual/upgrading.xml modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c modules/ssl/ssl_util_ssl.h

Posted by Stefan Fritsch <sf...@sfritsch.de>.

On Sunday 02 January 2011, Rüdiger Plüm wrote:
> On 01/02/2011 12:56 AM, sf@apache.org wrote:
> > Author: sf
> > Date: Sat Jan  1 23:56:24 2011
> > New Revision: 1054323
> > 
> > URL: http://svn.apache.org/viewvc?rev=1054323&view=rev
> > Log:
> > Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
> > to be RFC 2253 compatible, convert non-ASCII characters to UTF8,
> > and escape other special characters with backslashes. The old
> > format can still be used with the LegacyDNStringFormat argument
> > to SSLOptions.
> > 
> > Modified:
> >     httpd/httpd/trunk/CHANGES
> >     httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
> >     httpd/httpd/trunk/docs/manual/upgrading.xml
> >     httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> >     httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
> >     httpd/httpd/trunk/modules/ssl/ssl_private.h
> >     httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> >     httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h
> > 
> > Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> > URL:
> > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_u
> > til_ssl.c?rev=1054323&r1=1054322&r2=1054323&view=diff
> > ================================================================
> > ============== --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> > (original) +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat
> > Jan  1 23:56:24 2011 @@ -344,14 +344,32 @@ BOOL
> > SSL_X509_getBC(X509 *cert, int *ca,
> > 
> >  #endif
> >  }
> > 
> > +/* convert a NAME_ENTRY to UTF8 string */
> > +char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p,
> > X509_NAME_ENTRY *xsne) +{
> > +    char *result = NULL;
> > +    BIO* bio;
> > +    int len;
> > +
> > +    if ((bio = BIO_new(BIO_s_mem())) == NULL)
> > +        return NULL;
> > +    ASN1_STRING_print_ex(bio, X509_NAME_ENTRY_get_data(xsne),
> > +                        
> > ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_UTF8_CONVERT); +    len =
> > BIO_pending(bio);
> > +    result = apr_palloc(p, len+1);
> > +    len = BIO_read(bio, result, len);
> > +    result[len] = NUL;
> > +    BIO_free(bio);
> > +    ap_xlate_proto_from_ascii(value, len);
> 
> Shouldn't that be ap_xlate_proto_from_ascii(result, len); instead?

Of course, thanks. Fixed in r1054453.