#
-# $Id: cf.data.pre,v 1.382 2005/03/18 16:32:37 hno Exp $
+# $Id: cf.data.pre,v 1.383 2005/03/18 16:51:22 hno Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
%METHOD Request method
%MYADDR Squid interface address
%MYPORT Squid http_port number
- %USER_CERT_xx SSL User certificate attribute xx
- %USER_CA_xx SSL User certificate CA attribute xx
+ %USER_CERT SSL User certificate in PEM format
+ %USER_CERT_xx SSL User certificate subject attribute xx
+ %USER_CA_xx SSL User certificate issuer attribute xx
%{Header} HTTP request header
%{Hdr:member} HTTP request header list member
%{Hdr:;member}
/*
- * $Id: external_acl.cc,v 1.58 2004/08/30 05:12:31 robertc Exp $
+ * $Id: external_acl.cc,v 1.59 2005/03/18 16:51:22 hno Exp $
*
* DEBUG: section 82 External ACL
* AUTHOR: Henrik Nordstrom, MARA Systems AB
#if USE_SSL
EXT_ACL_USER_CERT,
EXT_ACL_CA_CERT,
+ EXT_ACL_USER_CERT_RAW,
#endif
EXT_ACL_EXT_USER,
EXT_ACL_END
#if USE_SSL
+ else if (strcmp(token, "%USER_CERT") == 0)
+ format->type = EXT_ACL_USER_CERT_RAW;
else if (strncmp(token, "%USER_CERT_", 11)) {
format->type = _external_acl_format::EXT_ACL_USER_CERT;
format->header = xstrdup(token + 11);
DUMP_EXT_ACL_TYPE(METHOD);
#if USE_SSL
+ case _external_acl_format::EXT_ACL_USER_CERT_RAW:
+ storeAppendPrintf(sentry, " %%USER_CERT");
+ break;
+
case _external_acl_format::EXT_ACL_USER_CERT:
storeAppendPrintf(sentry, " %%USER_CERT_%s", format->header);
break;
break;
#if USE_SSL
+ case _external_acl_format::EXT_ACL_USER_CERT_RAW:
+
+ if (ch->conn().getRaw()) {
+ SSL *ssl = fd_table[ch->conn()->fd].ssl;
+
+ if (ssl)
+ str = sslGetUserCertificatePEM(ssl);
+ }
+
+ break;
+
case _external_acl_format::EXT_ACL_USER_CERT:
if (ch->conn().getRaw()) {
/*
- * $Id: ssl_support.cc,v 1.27 2005/03/18 16:46:44 hno Exp $
+ * $Id: ssl_support.cc,v 1.28 2005/03/18 16:51:22 hno Exp $
*
* AUTHOR: Benno Rice
* DEBUG: section 83 SSL accelerator support
{
return sslGetUserAttribute(ssl, "Email");
}
+
+const char *
+sslGetUserCertificatePEM(SSL *ssl)
+{
+ X509 *cert;
+ BIO *mem;
+ static char *str = NULL;
+ char *ptr;
+ long len;
+
+ safe_free(str);
+
+ if (!ssl)
+ return NULL;
+
+ cert = SSL_get_peer_certificate(ssl);
+
+ if (!cert)
+ return NULL;
+
+ mem = BIO_new(BIO_s_mem());
+
+ PEM_write_bio_X509(mem, cert);
+
+
+ len = BIO_get_mem_data(mem, &ptr);
+
+ str = (char *)xmalloc(len + 1);
+
+ memcpy(str, ptr, len);
+
+ str[len] = '\0';
+
+ X509_free(cert);
+
+ BIO_free(mem);
+
+ return str;
+}
/*
- * $Id: ssl_support.h,v 1.9 2005/03/18 15:36:08 hno Exp $
+ * $Id: ssl_support.h,v 1.10 2005/03/18 16:51:22 hno Exp $
*
* AUTHOR: Benno Rice
*
typedef char const *SSLGETATTRIBUTE(SSL *, const char *);
SSLGETATTRIBUTE sslGetUserAttribute;
SSLGETATTRIBUTE sslGetCAAttribute;
+const char *sslGetUserCertificatePEM(SSL *ssl);
#endif /* SQUID_SSL_SUPPORT_H */
projects / thirdparty / squid.git / commitdiff
