SSL_CLIENT_S_DN_UID not available with client certificate authentication

["David (Dave) Donnan" <david.donnan@xxxxxxxxxxxxxxx>]

Hello and thanks for all your help in the past.

I'm an x SUN (iplanet/Sun ONE) employee retraining on OpenSource so I really appreciate any help that you can give me. It's incredible to see
this community helping each other (for FREE !) and I intend to participate actively in the future.

I've installed Fedora 12 with apache httpd-2.2.13-4.fc12.i686. I've configured httpd for client-side certificate authentication.

Once authenticated, I have the following CGI environment variables:

SSL_CLIENT_S_DN = /O=<organization>/CN=DONNAN David/emailAddress=david.donnan@<company>.com/UID=T1234567

SSL_CLIENT_S_DN_CN = DONNAN David

SSL_CLIENT_S_DN_Email = david.donnan@<company>.com

SSL_CLIENT_S_DN_O = <organization>

...

However, the following variable is not instantiated :

SSL_CLIENT_S_DN_UID

Note that it appears, in fact, in SSL_CLIENT_S_DN (at the end) !!

Q1. Can anyone help me instantiate this variable - is there further apache HTTPD configuration to be done ?

Notes:

1. Last summer I thought the problem was related to the following BUG and so I put this project on hold:

    https://issues.apache.org/bugzilla/show_bug.cgi?id=45107

Hence why I've waited for Fedora 12 where they say the above BUG is fixed.

2. In the past I've had a similar problem with openSSL where I must manually change openssl.cnf as follows:

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Following line added by DD Summer 2007
uid=0.9.2342.19200300.100.1.1

Reference:      http://www.openldap.org/lists/openldap-software/200309/msg00422.html
BIG thanks to Jeff Warnica for the OpenSSL solution.

Q2. Is this related, perhaps ?

3. /etc/httpd/conf.d/ssl.conf

Listen 0.0.0.0:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        none
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  20
# SSLMutex  file:logs/ssl_mutex
SSLMutex  default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/<hostname>.pem
SSLCertificateKeyFile  /etc/httpd/conf/<hostname>.key
# SSLCACertificateFile /etc/httpd/conf/ca.pem
SSLCACertificateFile /etc/httpd/conf/<name>.pem
SSLVerifyClient require
SSLVerifyDepth  10
# SSLUserName SSL_CLIENT_S_DN_Email
SSLUserName SSL_CLIENT_S_DN
# SSLUserName SSL_CLIENT_S_DN_CN
# SSLUserName SSL_CLIENT_S_DN_UID
# SSLUserName SSL_CLIENT_S_DN_NID_userId
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

4. test:cgi

#!/usr/bin/perl

   print "Content-type: text/html\n\n";
   print "<tt>\n";
   foreach $key (sort keys(%ENV)) {
      print "$key = $ENV{$key}<p>";
   }

Any help would be greatly appreciated, thanks, Dave
-----