Posted to users@httpd.apache.org by "Thomas, Peter" <pt...@HPTI.com> on 2010/05/05 21:10:24 UTC

RE: [users@httpd] Incorrect conversion of UTF-8 characters coming from X.509 certificates, please help

This may help you; I patched mod_ssl to retrieve the certificate DN in
RFC2253 [LDAP-compliant] format, instead of the deprecated method
currently used:
 
--- http-2.2.15-baseline/modules/ssl//ssl_engine_vars.c Sat Feb 27
16:00:58 2010
--- http-2.2.15/modules/ssl//ssl_engine_vars.c  Tue Mar 23 14:22:53 2010
@@ -367,10 +367,20 @@
     }
     else if (strcEQ(var, "S_DN")) {
         xsname = X509_get_subject_name(xs);
-        cp = X509_NAME_oneline(xsname, NULL, 0);
-        result = apr_pstrdup(p, cp);
-        modssl_free(cp);
-        resdup = FALSE;
+        BIO *bio;
+        int n;
+        
+        if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+            result = NULL;
+        } else {
+            X509_NAME_print_ex(bio, xsname, 0, XN_FLAG_RFC2253);
+            n = BIO_pending(bio);
+            result = apr_pcalloc(p, n+1);
+            n = BIO_read(bio, result, n);
+            result[n] = NUL;
+            BIO_free(bio);
+            resdup = FALSE;
+        }
     }
     else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
         xsname = X509_get_subject_name(xs)
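
Review bot: in the new S_DN branch the return value of BIO_read() is used unchecked as an index at "result[n] = NUL;", and the return value of X509_NAME_print_ex() is ignored. If printing fails or the BIO is empty, BIO_read() can return zero or a negative value, and a negative n makes that store land before the start of the pool allocation. Suggest checking X509_NAME_print_ex() for failure and only using n when it is greater than zero; since apr_pcalloc() already zero-fills the n+1 bytes, the explicit terminator can simply be dropped. Two smaller points: "BIO *bio;" and "int n;" are declared after a statement, which C89 compilers reject, so move them to the top of the block; and XN_FLAG_RFC2253 includes ASN1_STRFLGS_ESC_MSB, so bytes with the high bit set are still emitted as backslash-hex escapes. For the UTF-8 matching problem this thread is about, consider passing XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB, and note in the documentation that RFC2253 output also reverses the RDN order compared with X509_NAME_oneline().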

See also:

http://mail-archives.apache.org/mod_mbox/httpd-modules-dev/201003.mbox/%3C5045A4D718CAB644BA24979206486B60067A4179@hptimail03.HPTI.COM%3E
 



________________________________

	From: Luis Neves [mailto:luisneves@hotmail.com] 
	Sent: Thursday, April 29, 2010 10:34 AM
	To: users@httpd.apache.org
	Subject: [users@httpd] Incorrect conversion of UTF-8 characters coming from X.509 certificates, please help
	
	
	Hi there,
	I am trying to match the values coming from apache/mod_ssl/mod_authz_ldap against some fields (subjectDN and issuerDN) in an OpenLDAP directory.
	The problem is that Apache is receiving certificate data that contains UTF-8 encoded chars.
	
	Those chars are being incorrectly encoded with '\x' characters (deprecated source code? bug?) and this has the effect of mod_authz_ldap failing the query with a "bad search filter" error.
	
	Here is some example data on the ssl_error.log:
	
	http://www.mail-archive.com/openssl-users@openssl.org/msg60934.html
	
	I need help solving this, I am stuck and don't know what to do to get this thing working.
	Can somebody help me please?
	
	PS: I'm using Apache 2.2.3 on CentOS 5.4, against OpenLDAP
	
	Luis
	
	