Discussion:
svn commit: r290157 - /httpd/test/trunk/perl-framework/c-modules/test_ssl/mod_test_ssl.c
Geoffrey Young
2005-09-19 17:39:22 UTC
Permalink
+#ifdef HAVE_SSL_EXT_LOOKUP
if (!ext_lookup) {
ap_rputs("ssl_ext_lookup not available", r);
return OK;
}
hey, speaking of this ext_lookup, can you give me an example of what this
function does? in Apache::SSLLookup I've added perl glue for this method,
and right now I've got 2 forms:

my $client_foo = $r->ext_lookup($something, 1);
my $server_foo = $r->ext_lookup($something);

but I really could never figure out what to glean from the generated ssl
certificates to test against, what to pass as $something, etc.

ideas?

--Geoff
Joe Orton
2005-09-20 09:13:24 UTC
Permalink
Post by Geoffrey Young
+#ifdef HAVE_SSL_EXT_LOOKUP
if (!ext_lookup) {
ap_rputs("ssl_ext_lookup not available", r);
return OK;
}
hey, speaking of this ext_lookup, can you give me an example of what this
function does? in Apache::SSLLookup I've added perl glue for this method,
my $client_foo = $r->ext_lookup($something, 1);
my $server_foo = $r->ext_lookup($something);
but I really could never figure out what to glean from the generated ssl
certificates to test against, what to pass as $something, etc.
"$something" should be the OID (unique identifier) of the extension
which you wish to look up.

The ssl_ext_lookup function has just been replaced with ssl_ext_list so
you'd probably want to support the latter. ssl_ext_list returns an
array of all extensions with that

All the certificates which are automatically generated in Apache-Test
have an "nsComment" extension, which has OID "2.16.840.1.113730.1.13",
set to "This Is A Comment", that's what I used for the t/ssl/extlookup.t
test.

So with 2.1.7 $r->ext_lookup("2.16.840.1.113730.1.13") should return
"This Is A Comment" for any SSL vhost in the test suite if it works
properly.

joe
Geoffrey Young
2005-09-20 11:24:06 UTC
Permalink
Post by Joe Orton
So with 2.1.7 $r->ext_lookup("2.16.840.1.113730.1.13") should return
"This Is A Comment" for any SSL vhost in the test suite if it works
properly.
excellent!

thanks so much for the info.

--Geoff

Loading...