Hello!
I think is good idea to enable common work of two these options:
SSLOptions +FakeBasicAuth
and
SSLUserName
When we enable FakeBasicAuth option, we take username
not "user", but "/C=RU/ST=-/L=Moscow/O=example.com/OU=Example/CN=user/emailA ddress=user [at] example.com"
This is in some cases inconveniently -- if we use, for
example, Subversion VCS and make user authentication via certificate
we take "strange" commiter's usename.
I suggest to make some changes in mod_ssl module to allow set username as
a part of Subject of the Client's X509 Certificate.
For example, if SSLUserName is set to SSL_CLIENT_S_DN_CN, faked username is "user".
Please look on these patches:
For Apache 1.3
http://reki.ru/products/mod_ssl/mod_ssl-2.8.25-1.3.34-Userna me-patch
and
For Apache 2
http://reki.ru/products/subversion/patch-server-ssl_engine_k ernel.c
--
With best regards, Andrei.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
