diff options
| author | Joe Orton <jorton@apache.org> | 2004-02-28 23:56:01 +0100 |
|---|---|---|
| committer | Joe Orton <jorton@apache.org> | 2004-02-28 23:56:01 +0100 |
| commit | eb78a22c8568145b23cc5bf091e34631bbb29511 (patch) | |
| tree | 706a5b0e73dddf5340b60310eb02b5365b41f802 /modules/ssl | |
| parent | update transformaation (diff) | |
| download | apache2-eb78a22c8568145b23cc5bf091e34631bbb29511.tar.xz apache2-eb78a22c8568145b23cc5bf091e34631bbb29511.zip | |
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): For a DN
which includes several RDNs with the same OID, allow lookup of any
particular RDN using an "_<n>" suffix on the name.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102813 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl')
| -rw-r--r-- | modules/ssl/ssl_engine_vars.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 6a5013f21d..666de3f014 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -373,16 +373,27 @@ static const struct { static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var) { - char *result; + char *result, *ptr; X509_NAME_ENTRY *xsne; - int i, j, n; + int i, j, n, idx = 0; unsigned char *data_ptr; int data_len; + apr_size_t varlen; + + /* if an _N suffix is used, find the Nth attribute of given name */ + ptr = strchr(var, '_'); + if (ptr != NULL && strspn(ptr + 1, "0123456789") == strlen(ptr + 1)) { + idx = atoi(ptr + 1); + varlen = ptr - var; + } else { + varlen = strlen(var); + } result = NULL; for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) { - if (strEQ(var, ssl_var_lookup_ssl_cert_dn_rec[i].name)) { + if (strEQn(var, ssl_var_lookup_ssl_cert_dn_rec[i].name, varlen) + && strlen(ssl_var_lookup_ssl_cert_dn_rec[i].name) == varlen) { for (j = 0; j < sk_X509_NAME_ENTRY_num((STACK_OF(X509_NAME_ENTRY) *) X509_NAME_get_entries(xsname)); j++) { @@ -393,7 +404,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char * data_ptr = X509_NAME_ENTRY_get_data_ptr(xsne); data_len = X509_NAME_ENTRY_get_data_len(xsne); - if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) { + if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) { result = apr_palloc(p, data_len+1); apr_cpystrn(result, (char *)data_ptr, data_len+1); #ifdef CHARSET_EBCDIC |