[Dovecot] Username from rfc822Name subject alternative name

Бранко Мај Бранко Мај
Mon Apr 9 16:51:49 EEST 2012


Hello,

I'm looking into adding support for extracting the username from the client 
certificate's rfc822Name (from the subjectAltName extension).

The question I have is what would be the best approach to do this? 
The current implementation has fairly clean code since it just goes 
through the subject name, extracting the values with 
X509_NAME_get_text_by_NID (while the NID is obtained with OBJ_txt2nid). If I 
were to add this, it's bound to make the code a little bit more 
complicated since SANs can't be retrieved in the same way.

So far in terms of options I have, I can see the following:

1. Create a distinct configuration option for the 
ssl_cert_username_field (i.e. specify something like "sanrfc822Name" to 
have Dovecot extract the username from the designated alternative name).

2. Make the current code fail-over to rfc822Name SAN if emailAddress is 
provided for ssl_cert_username (less invasion in code, but less 
flexibility as well).

Any input/recommendation/direction is welcome. I wanted to 
actually first write a patch, and then submit it, but I think it might 
be better to check what would be preferable to the Dovecot maintainers/devs.

Best regards

-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Jabber: branko at majic.rs
Please send attachments only in free formats.
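
Added example, not part of the original message and not Dovecot or OpenSSL code: a minimal DER walk over the subjectAltName value (a GeneralNames SEQUENCE) that returns the first rfc822Name and rejects one containing a NUL or other non-printable byte before it can be used as a username. It is written without OpenSSL so it runs stand-alone; the function name san_first_rfc822, the printable-ASCII policy and the sample byte strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Constructed samples: GeneralNames with dNSName + rfc822Name, and one whose
 * rfc822Name hides a NUL byte ("user@a.org\0.b.org"). */
const unsigned char SAN_OK[] =
    "\x30\x24\x82\x10" "mail.example.org" "\x81\x10" "user@example.org";
const unsigned char SAN_NUL[] =
    "\x30\x13\x81\x11" "user@a.org" "\0" ".b.org";

/* Read one DER tag/length header and advance *p to the value. 0 on success. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned char *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    size_t l = *(*p)++;
    if (l & 0x80) {               /* long form: low bits count length bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < l) return -1;   /* value must fit the buffer */
    *len = l;
    return 0;
}

/* Hypothetical helper: copy the first rfc822Name into out.
 * Returns 1 if found, 0 if the SAN has none, -1 if malformed or unsafe. */
int san_first_rfc822(const unsigned char *der, size_t der_len,
                     char *out, size_t out_size)
{
    const unsigned char *p = der, *end = der + der_len;
    unsigned char tag; size_t len, i;
    /* outer SEQUENCE must span the whole buffer, no trailing bytes */
    if (der_hdr(&p, end, &tag, &len) != 0 || tag != 0x30 || p + len != end)
        return -1;
    while (p < end) {
        if (der_hdr(&p, end, &tag, &len) != 0) return -1;
        if (tag == 0x81) {        /* [1] IMPLICIT IA5String = rfc822Name */
            if (len == 0 || len >= out_size) return -1;
            for (i = 0; i < len; i++)        /* policy: printable ASCII only */
                if (p[i] < 0x21 || p[i] > 0x7e) return -1;
            memcpy(out, p, len);
            out[len] = '\0';
            return 1;
        }
        p += len;                 /* skip dNSName, URI, iPAddress, ... */
    }
    return 0;
}
```

With OpenSSL the same entries are reached through X509_get_ext_d2i with NID_subject_alt_name and the GEN_EMAIL members of the returned GENERAL_NAMES; the length-versus-content check stays the same.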


