I'm trying to setup a DN filter against a certificate that has UTF-8 characters in it.
The Subject DN for the incoming certificate is:
C=CA,ST=Province,L=City,O=Company,OU=Unit,CN=âWeirdâ@ÂØÇâ.com
The filter I'm trying to use in the httpd configuration file is:
SSLRequire (%{SSL_CLIENT_S_DN} =~ m#^/.*CN=âWeirdâ@ÂØÇâ.*$#i)
This pattern does work for me for other certificates that do not contain UTF-* characters.
After some investigation, I discovered that this line does successfully pick up the certificate:
SSLRequire (%{SSL_CLIENT_S_DN} =~ m#^/.*CN= \\x1C\\x00W\\x00e\\x00i\\x00r\\x00d \\x1D\\x00@\\x00\\xBF\\x063\\x01\\xFD \\xAC\\x00.\\x00c\\x00o\\x00m.*$#i)
While that works for this particular case, I'm trying to develop something where the regex string will be constructed based on an arbitrary certificate supplied at runtime.
Questions:
1) Is it possible to configure httpd to match UTF-8 characters without all the escaping?
2) If all the "\\x" escaping is necessary, why are there 3 spaces in the escaped string when they're not present in the certificate? (One space is after CN=, one after \\x00d, and one after \\xFD.)
Other relevant info:
Apache httpd v2.2.16
PCRE v6.6-2.el5_1.7
I also tried PCRE v8.10, but I did not note any change in behaviour.
|