On Tue, Aug 07, 2007 at 02:25:54PM +0200, Arsen Hayrapetyan wrote:
> Hello,
> I am setting up client authentication with X.509 certificates.
> The client has the certificate subject DN of the following form:
> I need to catch both OUs in my perl CGI script. But when I am trying to
> get the values of OUs with the foolowing piece of code:
> $variable=$ENV{SSL_CLIENT_S_DN_OU};
> print "$variable \n";
> $variable=$ENV{SSL_CLIENT_S_DN_OU};
> print "$variable \n";
> both print statements print ZZZ (the first OU).
> How can I catch both OUs in my CGI script? Does mod_ssl "see" the first OU
> only?

It has access to them all, but only exports the first.

If you upgrade to 2.2.x, you could hack ssl_engine_kernel.c by adding:


to the ssl_hook_Fixup_vars[] array. This will force the first and
second OU field to be exported to CGI scripts in those named variables.
Note that this won't work with 2.0.x, which doesn't support the _N

> My apache version is 2.0.55. However I don't know the version of mod_ssl.
> By the way, how can I determine what version of mod_ssl module do I have?

mod_ssl is integrated into the httpd 2.x tree, so there is no separate

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org