Posted to users@httpd.apache.org by "Thomas, Peter" <pt...@HPTI.com> on 2010/05/05 21:10:24 UTC
RE: [users@httpd] Incorrect conversion of UTF-8 characters comming from X.509 certificates, please help
This may help you; I patched mod_ssl to retrieve the certificate DN in
RFC2253 [LDAP-compliant] format, instead of the deprecated method
currently used:
--- http-2.2.15-baseline/modules/ssl//ssl_engine_vars.c Sat Feb 27
16:00:58 2010
--- http-2.2.15/modules/ssl//ssl_engine_vars.c Tue Mar 23 14:22:53 2010
@@ -367,10 +367,20 @@
}
else if (strcEQ(var, "S_DN")) {
xsname = X509_get_subject_name(xs);
- cp = X509_NAME_oneline(xsname, NULL, 0);
- result = apr_pstrdup(p, cp);
- modssl_free(cp);
- resdup = FALSE;
+ BIO *bio;
+ int n;
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+ result = NULL;
+ } else {
+ X509_NAME_print_ex(bio, xsname, 0, XN_FLAG_RFC2253);
+ n = BIO_pending(bio);
+ result = apr_pcalloc(p, n+1);
+ n = BIO_read(bio, result, n);
+ result[n] = NUL;
+ BIO_free(bio);
+ resdup = FALSE;
+ }
}
else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
xsname = X509_get_subject_name(xs)
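Review bot: In the new else branch the return value of BIO_read() is used as an array index without a check (`n = BIO_read(bio, result, n);` followed by `result[n] = NUL;`). BIO_read() returns 0 or a negative value when nothing is read, which can happen if X509_NAME_print_ex() failed or wrote nothing, and its return value is ignored as well; a negative n makes `result[n]` write before the start of the pool allocation. apr_pcalloc() already zero-fills the n+1 bytes, so the explicit terminator can be dropped or guarded with `if (n < 0) n = 0;`, and a failed X509_NAME_print_ex() should set result to NULL. Two smaller points: `BIO *bio;` and `int n;` are declared after the `xsname = ...` statement, which is not valid C89, so they belong at the top of the enclosing block; and XN_FLAG_RFC2253 includes ASN1_STRFLGS_ESC_MSB, so non-ASCII UTF-8 bytes are still written as backslash-hex escapes, which matters for the UTF-8 case in this thread. Passing `XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB` keeps the UTF-8 bytes unescaped.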
See also:
http://mail-archives.apache.org/mod_mbox/httpd-modules-dev/201003.mbox/%3C5045A4D718CAB644BA24979206486B60067A4179@hptimail03.HPTI.COM%3E
________________________________
From: Luis Neves [mailto:luisneves@hotmail.com]
Sent: Thursday, April 29, 2010 10:34 AM
To: users@httpd.apache.org
Subject: [users@httpd] Incorrect conversion of UTF-8 characters
comming from X.509 certificates, please help
Hi there,
I am trying to match the values coming from
apache/mod_ssl/mod_authz_ldap against some fields (subjectDN and
issuerDN) in an OpenLDAP directory.
The problem is that Apache is receiving certificate data that
contains UTF-8 encoded chars.
Those chars are being incorrectly encoded with '\x' characters
(deprecated source code? bug?) and this is making the effect of
mod_authz_ldap failing the query with "bad search filter" error.
Here is some example data on the ssl_error.log
http://www.mail-archive.com/openssl-users@openssl.org/msg60934.html
I need help on solving this, I am stuck and don't know what to do
to put this thing working.
Can somebody help me please?
PS: I'm using Apache 2.2.3 on a CentOS 5.4, against OpenLDAP
Luis