Posted to dev@httpd.apache.org by Rüdiger Plüm <r....@gmx.de> on 2011/01/02 17:58:16 UTC
Re: svn commit: r1054323 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml
docs/manual/upgrading.xml modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_vars.c
modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c modules/ssl/ssl_util_ssl.h
On 01/02/2011 12:56 AM, sf@apache.org wrote:
> Author: sf
> Date: Sat Jan 1 23:56:24 2011
> New Revision: 1054323
>
> URL: http://svn.apache.org/viewvc?rev=1054323&view=rev
> Log:
> Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
> to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
> escape other special characters with backslashes. The old format can
> still be used with the LegacyDNStringFormat argument to SSLOptions.
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
> httpd/httpd/trunk/docs/manual/upgrading.xml
> httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
> httpd/httpd/trunk/modules/ssl/ssl_private.h
> httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h
> Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1054323&r1=1054322&r2=1054323&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat Jan 1 23:56:24 2011
> @@ -344,14 +344,32 @@ BOOL SSL_X509_getBC(X509 *cert, int *ca,
> #endif
> }
>
> +/* convert a NAME_ENTRY to UTF8 string */
> +char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne)
> +{
> + char *result = NULL;
> + BIO* bio;
> + int len;
> +
> + if ((bio = BIO_new(BIO_s_mem())) == NULL)
> + return NULL;
> + ASN1_STRING_print_ex(bio, X509_NAME_ENTRY_get_data(xsne),
> + ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_UTF8_CONVERT);
> + len = BIO_pending(bio);
> + result = apr_palloc(p, len+1);
> + len = BIO_read(bio, result, len);
> + result[len] = NUL;
> + BIO_free(bio);
> + ap_xlate_proto_from_ascii(value, len);
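Review bot: `result[len] = NUL;` uses the return value of BIO_read() as an index without checking it. BIO_read() can return 0 or a negative value when nothing was read, and a negative len here writes the terminator before the start of the apr_palloc() buffer. Check for `len < 0` after the read (free the BIO and return NULL, or clamp len to 0) before terminating the string.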
Shouldn't that be ap_xlate_proto_from_ascii(result, len); instead?
Regards
Rüdiger
Re: svn commit: r1054323 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml
docs/manual/upgrading.xml modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_vars.c
modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c modules/ssl/ssl_util_ssl.h
Posted by Kaspar Brand <ht...@velox.ch>.
On 02.01.2011 19:35, Stefan Fritsch wrote:
> On Sunday 02 January 2011, Rüdiger Plüm wrote:
>>> Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
>>> URL:
>>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_u
>>> til_ssl.c?rev=1054323&r1=1054322&r2=1054323&view=diff
>>> ================================================================
>>> ============== --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
>>> (original) +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat
>>> Jan 1 23:56:24 2011 @@ -344,14 +344,32 @@ BOOL
>>> SSL_X509_getBC(X509 *cert, int *ca,
>>>
>>> #endif
>>> }
>>>
>>> +/* convert a NAME_ENTRY to UTF8 string */
>>> +char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p,
>>> X509_NAME_ENTRY *xsne) +{
>>> + char *result = NULL;
>>> + BIO* bio;
>>> + int len;
>>> +
>>> + if ((bio = BIO_new(BIO_s_mem())) == NULL)
>>> + return NULL;
>>> + ASN1_STRING_print_ex(bio, X509_NAME_ENTRY_get_data(xsne),
>>> +
>>> ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_UTF8_CONVERT); + len =
>>> BIO_pending(bio);
>>> + result = apr_palloc(p, len+1);
>>> + len = BIO_read(bio, result, len);
>>> + result[len] = NUL;
>>> + BIO_free(bio);
>>> + ap_xlate_proto_from_ascii(value, len);
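Review bot: the return value of ASN1_STRING_print_ex() is discarded, so a failed or partial conversion is indistinguishable from success and the caller gets an empty or truncated string. Since the log message says this output feeds the SSL_{CLIENT,SERVER}_{I,S}_DN variables, a truncated name component should not pass silently: test for a negative return, call BIO_free(bio) and return NULL in that case.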
>>
>> Shouldn't that be ap_xlate_proto_from_ascii(result, len); instead?
>
> Of course, thanks. Fixed in r1054453.
I would suggest dropping the ap_xlate_proto_from_ascii line completely,
for several reasons: "result" is now a UTF-8 encoded string (i.e., might
well include non-ASCII characters, differently encoded than ISO-8859-1),
ap_xlate_proto_from_ascii is a NOOP for non-EBCDIC platforms, and third,
on EBCDIC platforms, ap_xlate_proto_from_ascii simply does nothing (it
calls apr_xlate_conv_buffer, which returns APR_ENOTIMPL, even in current
versions of APR-util, IINM).
Kaspar
Re: svn commit: r1054323 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml docs/manual/upgrading.xml modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c modules/ssl/ssl_util_ssl.h
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Sunday 02 January 2011, Rüdiger Plüm wrote:
> On 01/02/2011 12:56 AM, sf@apache.org wrote:
> > Author: sf
> > Date: Sat Jan 1 23:56:24 2011
> > New Revision: 1054323
> >
> > URL: http://svn.apache.org/viewvc?rev=1054323&view=rev
> > Log:
> > Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
> > to be RFC 2253 compatible, convert non-ASCII characters to UTF8,
> > and escape other special characters with backslashes. The old
> > format can still be used with the LegacyDNStringFormat argument
> > to SSLOptions.
> >
> > Modified:
> > httpd/httpd/trunk/CHANGES
> > httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
> > httpd/httpd/trunk/docs/manual/upgrading.xml
> > httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> > httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
> > httpd/httpd/trunk/modules/ssl/ssl_private.h
> > httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> > httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h
> >
> > Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> > URL:
> > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_u
> > til_ssl.c?rev=1054323&r1=1054322&r2=1054323&view=diff
> > ================================================================
> > ============== --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
> > (original) +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat
> > Jan 1 23:56:24 2011 @@ -344,14 +344,32 @@ BOOL
> > SSL_X509_getBC(X509 *cert, int *ca,
> >
> > #endif
> > }
> >
> > +/* convert a NAME_ENTRY to UTF8 string */
> > +char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p,
> > X509_NAME_ENTRY *xsne) +{
> > + char *result = NULL;
> > + BIO* bio;
> > + int len;
> > +
> > + if ((bio = BIO_new(BIO_s_mem())) == NULL)
> > + return NULL;
> > + ASN1_STRING_print_ex(bio, X509_NAME_ENTRY_get_data(xsne),
> > +
> > ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_UTF8_CONVERT); + len =
> > BIO_pending(bio);
> > + result = apr_palloc(p, len+1);
> > + len = BIO_read(bio, result, len);
> > + result[len] = NUL;
> > + BIO_free(bio);
> > + ap_xlate_proto_from_ascii(value, len);
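Review bot: the comment above SSL_X509_NAME_ENTRY_to_string() does not document the contract callers depend on. It should say that the string is allocated from pool p, that control characters are backslash-escaped (ASN1_STRFLGS_ESC_CTRL), and that NULL is returned when BIO_new() fails, so that callers know to check for NULL before using the result.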
>
> Shouldn't that be ap_xlate_proto_from_ascii(result, len); instead?
Of course, thanks. Fixed in r1054453.