[squid-dev] [PATCH] support custom OIDs in *_cert ACLs

Tsantilas Christos chtsanti at users.sourceforge.net
Tue May 26 09:26:48 UTC 2015


On 05/26/2015 12:10 PM, Amos Jeffries wrote:
> On 26/05/2015 9:00 p.m., Tsantilas Christos wrote:
>> Hi all,
>>
>> This patch allows user_cert and ca_cert ACLs to match arbitrary
>> stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For
>> example, it should be able to match certificates that have the
>> 1.3.6.1.4.1.1814.3.1.14 OID in the certificate Subject or Issuer field.
>> Squid configuration would look like this:
>>
>>   acl User_Cert-TrustedCustomerNum user_cert 1.3.6.1.4.1.1814.3.1.14 1001
>>
>> This is a Measurement Factory project.
>>
>>
>
> +1 anyway.
>
> Don't like the extra leak-ish part though. Does TidyPointer make sense there?

No.
It is not a memory leak.
OBJ_create just adds the OID to the internal OpenSSL database of valid
fields.  Even if the OID is not used after a reconfigure, it still remains
in this database. This is not a real problem unless someone adds some
thousands of these OIDs.
But I do not believe that this is a real problem...


>
> Amos
>
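
Added example (not part of the thread, the patch, or Squid's code): what matching a stand-alone OID in a certificate Subject involves at the DER level, shown on a constructed Name carrying the OID from the patch description. The function names, the sample bytes and the exact-value match rule are assumptions made for illustration.

```python
CUSTOM_OID = "1.3.6.1.4.1.1814.3.1.14"    # OID from the patch description
# Constructed sample, not a real certificate: DER Name with CN=alice, CUSTOM_OID=1001
SAMPLE_SUBJECT = bytes.fromhex(
    "3026310e300c06035504030c05616c696365"
    "31143012060a2b060104018e1603010e0c0431303031")

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER body")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Yield (tag, body) for each element inside a constructed element."""
    pos = 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        yield tag, inner

def decode_oid(body):
    """Turn OID content bytes into dotted-decimal text."""
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)      # base-128, high bit = "more follows"
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)          # first two arcs share one value
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def name_attributes(der_name):
    """Yield (oid, value) for every attribute in a DER X.501 Name."""
    tag, rdns, _ = read_tlv(der_name, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    for _, rdn in children(rdns):          # each RDN is a SET
        for _, atv in children(rdn):       # each member: SEQUENCE {type, value}
            (_, oid), (_, val) = children(atv)
            yield decode_oid(oid), val.decode("utf-8", "replace")

def cert_attr_matches(der_name, oid, allowed):
    """Assumed ACL rule: an attribute with this OID holds an allowed value."""
    return any(o == oid and v in allowed for o, v in name_attributes(der_name))
```

With the sample above, `cert_attr_matches(SAMPLE_SUBJECT, CUSTOM_OID, {"1001"})` is true, while any other value or an OID absent from the Name does not match.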


