[PATCH] Mail: send starttls flag value to auth script
mdounin at mdounin.ru
Mon Mar 2 14:14:52 UTC 2015
On Mon, Mar 02, 2015 at 01:12:44PM +0100, Michael Kliewe wrote:
> with your changes there is a problem:
> nginx now just sends the header if the connection is encrypted.
> If the connection is not encrypted, then there is no header sent
> to the auth script.
> In the auth script I cannot distinguish between "user did not
> use encryption" and "nginx doesn't have the feature" (because of
> mixed nginx versions).
> With the original version of the patch this was possible.
Try updating all your nginx instances before using the header for
something limiting, it is expected to resolve your problem.
Either way, the only safe thing to do if "nginx doesn't have the
feature" is to assume there is no SSL if SSL matters. And that's
what current behaviour encourages.
More information about the nginx-devel