mod_auth_ccert: Add optional method for certificates which contain an email address
--- a/mod_auth_ccert/mod_auth_ccert.lua Fri Jun 14 20:10:33 2013 +0200
+++ b/mod_auth_ccert/mod_auth_ccert.lua Fri Jun 14 20:12:51 2013 +0200
@@ -35,6 +35,19 @@
end
end
+function username_extractor.email(cert)
+ local subject = cert:subject();
+ for i=1,#subject do
+ local ava = subject[i];
+ if ava.oid == oid_emailAddress then
+ local username, host = jid_split(ava.value);
+ if host == module.host then
+ return username, true
+ end
+ end
+ end
+end
+
local find_username = username_extractor[cert_match];
if not find_username then
module:log("error", "certificate_match = %q is not supported");