On 07/31/2014 03:35 AM, Amos Jeffries wrote:
> Hi Christos,
>
> Can you confirm or deny for me that these %USER_CERT_* macros map to the
> %ssl::>cert_* logformat codes?
Not exactly.
- The %ssl::>cert_subject is equivalent to the %USER_CERT_DN external
acl macro
- The %ssl::>cert_issuer is equivalent to the %USER_CA_CERT_DN
>
> Their existence is one of the outstanding issues with external_acl_type
> upgrade to logformat.
The certificate and certificate issuer subjects are in the form:
C=GR, ST=ATTIKI, L=Athens, O=ChTsanti, OU=Admin, CN=fortune
The %USER_CERT_* and %USER_CA_CERT_* external acl macros designed to
return fields of the subject. For example someone can use:
%USER_CERT_CN or %USER_CA_CERT_O
The DN suffix means all the subject
The %ssl::>cert_subject and %ssl::>cert_issuer log formatting codes
return the cert and issuer subjects.
We need to support arguments in %ssl::>cert_subject and
%ssl::>cert_issuer to have similar functionality with external acl. For
example:
%{CN}ssl::>cert_subject
%{CN}ssl::>cert_issuer
%{DN}ssl::>cert_subject
>
> Cheers
> Amos
>
> On 31/07/2014 3:31 a.m., Christos Tsantilas wrote:
>> ------------------------------------------------------------
>> revno: 13517
>> committer: Christos Tsantilas <chtsanti_at_users.sourceforge.net>
>> branch nick: trunk
>> timestamp: Wed 2014-07-30 18:31:10 +0300
>> message:
>> Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes
>>
>> * The attribute part of the %USER_CA_CERT_xx and %CA_CERT_xx formating codes
>> is not parsed correctly, make these formating codes useless.
>> * The %USER_CA_CERT_xx documented wrongly
>> modified:
>> src/cf.data.pre
>> src/external_acl.cc
>>
>
>
Received on Thu Jul 31 2014 - 07:22:20 MDT
This archive was generated by hypermail 2.2.0 : Thu Jul 31 2014 - 12:00:12 MDT