
List:       squid-dev
Subject:    Re: /bzr/squid3/trunk/ r13517: Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes
From:       Tsantilas Christos <chtsanti () users ! sourceforge ! net>
Date:       2014-07-31 7:21:48
Message-ID: 53D9EE8C.2090607 () users ! sourceforge ! net

On 07/31/2014 03:35 AM, Amos Jeffries wrote:
> Hi Christos,
>
> Can you confirm or deny for me that these %USER_CERT_* macros map to the
> %ssl::>cert_* logformat codes?

Not exactly.
  - The %ssl::>cert_subject is equivalent to the %USER_CERT_DN external 
acl macro
  - The %ssl::>cert_issuer is equivalent to the %USER_CA_CERT_DN

>
> Their existence is one of the outstanding issues with external_acl_type
> upgrade to logformat.

The certificate and certificate issuer subjects are in the form:
    C=GR, ST=ATTIKI, L=Athens, O=ChTsanti, OU=Admin, CN=fortune

The %USER_CERT_* and %USER_CA_CERT_* external acl macros are designed to 
return fields of the subject. For example someone can use:
   %USER_CERT_CN or %USER_CA_CERT_O

The DN suffix means the whole subject.

The %ssl::>cert_subject and %ssl::>cert_issuer log formatting codes 
return the cert and issuer subjects.
We need to support arguments in %ssl::>cert_subject and 
%ssl::>cert_issuer to have similar functionality to external acl. For 
example:
   %{CN}ssl::>cert_subject
   %{CN}ssl::>cert_issuer
   %{DN}ssl::>cert_subject


>
> Cheers
> Amos
>
> On 31/07/2014 3:31 a.m., Christos Tsantilas wrote:
>> ------------------------------------------------------------
>> revno: 13517
>> committer: Christos Tsantilas <chtsanti@users.sourceforge.net>
>> branch nick: trunk
>> timestamp: Wed 2014-07-30 18:31:10 +0300
>> message:
>>    Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formatting codes
>>
>>      * The attribute part of the %USER_CA_CERT_xx and %CA_CERT_xx formatting codes
>>        is not parsed correctly, making these formatting codes useless.
>>      * The %USER_CA_CERT_xx is documented wrongly
>> modified:
>>    src/cf.data.pre
>>    src/external_acl.cc
>>
>
>
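
The field selection described in the message above, sketched as an added example (not Squid's code and not part of the original mail). The names subjectField and resolveMacro, the issuer sample string, and the assumption that attribute values contain no ", " are illustrative only.

```cpp
#include <iostream>
#include <string>

// Constructed samples in the subject form quoted in the message.
static const std::string kCertSubject =
    "C=GR, ST=ATTIKI, L=Athens, O=ChTsanti, OU=Admin, CN=fortune";
static const std::string kIssuerSubject = "C=GR, O=ExampleCA, CN=Example Root";

// Copy one attribute of a "K=V, K=V" subject into out; "DN" selects the whole
// subject. Returns false when the attribute is absent.
// Assumption: values contain no ", " separator.
bool subjectField(const std::string &subject, const std::string &attr, std::string &out)
{
    if (attr == "DN") {
        out = subject;
        return true;
    }
    for (std::string::size_type pos = 0; pos < subject.size();) {
        std::string::size_type end = subject.find(", ", pos);
        if (end == std::string::npos)
            end = subject.size();
        const std::string rdn = subject.substr(pos, end - pos);
        const std::string::size_type eq = rdn.find('=');
        // Compare the whole key, so "O" never matches "OU".
        if (eq != std::string::npos && rdn.compare(0, eq, attr) == 0) {
            out = rdn.substr(eq + 1);
            return true;
        }
        pos = end + 2;
    }
    return false;
}

// Hypothetical resolver for a macro name without the leading '%':
// USER_CERT_xx reads the certificate subject, USER_CA_CERT_xx the issuer.
bool resolveMacro(const std::string &macro, std::string &out)
{
    static const std::string user = "USER_CERT_", ca = "USER_CA_CERT_";
    if (macro.compare(0, ca.size(), ca) == 0)
        return subjectField(kIssuerSubject, macro.substr(ca.size()), out);
    if (macro.compare(0, user.size(), user) == 0)
        return subjectField(kCertSubject, macro.substr(user.size()), out);
    return false;
}

int main()
{
    std::string v;
    for (const char *m : {"USER_CERT_CN", "USER_CA_CERT_O", "USER_CERT_DN", "USER_CA_CERT_OU"})
        std::cout << m << " -> " << (resolveMacro(m, v) ? v : "(absent)") << "\n";
}
```

An absent attribute is reported as such instead of falling back to a neighbouring field, which matters when an external ACL helper makes an access decision on the returned value.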
