[Bug 61929] New: Configure mod_ssl to send empty distinguished names list


https://bz.apache.org/bugzilla/show_bug.cgi?id=61929

            Bug ID: 61929
           Summary: Configure mod_ssl to send empty distinguished names
                    list
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: aleksgrv@xxxxxxxxx
  Target Milestone: ---

We use SSLCACertificateFile for client auth and want to send an empty CA DN
names list, because our SSLCACertificateFile is very large and reaches the
limit for CertificateRequest <0..2^16-1> (more info about it:
https://github.com/openssl/openssl/issues/4819)

RFC 5246, section 7.4.4:

 certificate_authorities
      A list of the distinguished names [X501] of acceptable
      certificate_authorities, represented in DER-encoded format.  These
      distinguished names may specify a desired distinguished name for a
      root CA or for a subordinate CA; thus, this message can be used to
      describe known roots as well as a desired authorization space.  If
      the certificate_authorities list is empty, then the client MAY
      send any certificate of the appropriate ClientCertificateType,
      unless there is some external arrangement to the contrary.


I think we need to add support for an empty SSLCADNRequestFile

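An added example (not part of the bug report or of mod_ssl) that estimates how many bytes the subject DNs of a PEM CA bundle would occupy in the certificate_authorities vector and compares that with the 2^16-1 limit quoted above. It assumes the server advertises each distinct subject DN once; the function names and the sample bundle are hypothetical and constructed.

```python
import base64
import re

MAX_CA_LIST = 2**16 - 1   # certificate_authorities<0..2^16-1>, RFC 5246 section 7.4.4

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_dn(cert):
    """DER bytes of the subject Name inside an X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)           # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)         # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for _ in range(4):                      # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    _, _, end = read_tlv(cert, pos)
    return cert[pos:end]

def ca_list_size(pem_text):
    """Bytes the distinct subject DNs occupy in certificate_authorities."""
    blocks = re.findall(
        r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    dns = {subject_dn(base64.b64decode(b)) for b in blocks}   # assumption: sent once each
    # each DistinguishedName is opaque<1..2^16-1>: 2-byte length prefix + DER bytes
    return sum(2 + len(dn) for dn in dns)

# --- constructed sample: certificate skeletons, not valid signed certificates ---
def tlv(tag, value):
    assert len(value) < 0x80                # short-form lengths suffice for this sample
    return bytes([tag, len(value)]) + value

def fake_ca(cn):
    attr = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))  # CN=<cn>
    name = tlv(0x30, tlv(0x31, attr))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name + tlv(0x30, b"") + name)
    body = base64.encodebytes(tlv(0x30, tlv(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def sample_bundle(count):
    return "".join(fake_ca("Constructed Test CA %05d" % i) for i in range(count))

if __name__ == "__main__":
    for count in (10, 2000):
        size = ca_list_size(sample_bundle(count))
        print(count, "CAs ->", size, "bytes", "OVER LIMIT" if size > MAX_CA_LIST else "ok")
```

To check a real deployment, pass the text of the file named by SSLCACertificateFile to `ca_list_size` and compare the result with `MAX_CA_LIST`.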