Hello Joe,
Thank you very much for the exhaustive answer.

Best regards,
Arsen.

On Tue, 7 Aug 2007, Joe Orton wrote:

> On Tue, Aug 07, 2007 at 02:25:54PM +0200, Arsen Hayrapetyan wrote:
> > Hello,
> >
> > I am setting up client authentication with X.509 certificates.
> > The client has the certificate subject DN of the following form:
> > /C=XX/O=YYY/OU=ZZZ/OU=PPP/CN=TTT
> > I need to catch both OUs in my perl CGI script. But when I am trying to
> > get the values of OUs with the foolowing piece of code:
> >
> > $variable=$ENV{SSL_CLIENT_S_DN_OU};
> > print "$variable \n";
> > $variable=$ENV{SSL_CLIENT_S_DN_OU};
> > print "$variable \n";
> >
> > both print statements print ZZZ (the first OU).
> >
> > How can I catch both OUs in my CGI script? Does mod_ssl "see" the first OU
> > only?

>
> It has access to them all, but only exports the first.
>
> If you upgrade to 2.2.x, you could hack ssl_engine_kernel.c by adding:
>
> "SSL_CLIENT_S_DN_OU_0",
> "SSL_CLIENT_S_DN_OU_1",
>
> to the ssl_hook_Fixup_vars[] array. This will force the first and
> second OU field to be exported to CGI scripts in those named variables.
> Note that this won't work with 2.0.x, which doesn't support the _N
> suffix.
>
> > My apache version is 2.0.55. However I don't know the version of mod_ssl.
> > By the way, how can I determine what version of mod_ssl module do I have?

>
> mod_ssl is integrated into the httpd 2.x tree, so there is no separate
> "versino".
>
> joe
>

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org