Displaying 3 results from an estimated 3 matches for "nid_commonname".
2007 Aug 30
1
Using NID_x500UniqueIdentifier as ssl_username_from_cert
Hi,
please have a look at the attached patch for
dovecot-1.0.3
This patch modifies ssl_proxy_get_peer_name()
to use the NID_x500UniqueIdentifier as username
instead of NID_commonName.
The reason is that the Common Name doesn't have
to be unique for the whole mailserver.
Example: in Germany a lot of people got the
first name "Andreas" and the last name "Schulz".
Therefore a lot of certificates exist with subjects
like this:
C=DE,O=ABC,CN=Andreas Schul...
2007 Mar 08
5
1.0rc26: ssl_verify_client=yes ?
Q1)
I can't get ssl_verify_client_cert=yes working.
The ssl key and cert are signed using our CA.
Also the ssl_ca_file has a CRL appended (no revokes yet).
Expected behavior:
Stop the SSL (the client doesn't have a cert installed)
Current behavior:
Mail clients accept SSL and login succeeds.
(both Evolution and Thunderbird).
My bad? Please advise.
Q2)
The next step, if dovecot blocks
2006 Jun 01
1
ssl-proxy: client certificates and crl check
..., buf, sizeof(buf));
- name = t_strndup(buf, sizeof(buf));
+ /* HJHJ */
+ /* the X509_N_gtbN can return -1 without 0-terminating buf */
+ /* if the call succeeds buf is 0-terminated (openssl 0.9.7e / 0.9.8b src) */
+ buf[0] = '\0';
+ if( X509_NAME_get_text_by_NID(X509_get_subject_name(x509),NID_commonName,buf,sizeof(buf)) < 0 )
+ { buf[0] = '\0'; }
+ name = t_strndup(buf, sizeof(buf) );
X509_free(x509);
-
+ /* HJHJ */
+
return *name == '\0' ? NULL : name;
}
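Review bot: The return value of X509_NAME_get_text_by_NID() is only tested for `< 0` in the added `if`, so a commonName that contains an embedded NUL byte can be copied into buf and then silently cut short by t_strndup(). If callers rely on this name to identify the client, keep the return value in a variable and treat the name as empty when it differs from strlen(buf). Smaller points: with `buf[0] = '\0';` set before the call, the same assignment inside the failure branch is redundant, and the `/* HJHJ */` markers and the blank-line changes around X509_free() are unrelated noise that should be dropped from the patch.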
@@ -582,10 +588,22 @@
proxy = SSL_get_ex_data(ssl, extdata_index);
proxy->cert_received = TRUE;
+
+ /* HJH...