Hi,
I have a requirement to check incoming requests, something that would be
succinctly expressed this way:
<Location />
Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
</Location>
This would check that the request IP address is among the IP addresses in the client certificate.
Unfortunately, this doesn't work:
1. SSL_CLIENT_SAN_IPaddr is not exposed by mod_ssl, but I've switched to mod_nss, which exports it
2. The _expression_ evaluation engine doesn't know how to evaluate this kind of _expression_