How to contribute fix for checking x509 extended key attrs to nginx?

Ethan Rahn erahn at
Tue Jan 10 23:41:14 UTC 2017


I noticed that nginx does not check x509v3 certificates ( in
event/ngx_event_openssl.c::ngx_ssl_get_client_verify as an example ) to see
that the optional extended key usage settings are correct. I have a patch
for this that I would like to contribute, but I'm unable to find
contribution guidelines on the nginx web-site.

The effect of this issue is that someone could offer a client certificate
that has extended key usage set to say, serverAuth. This would be a
violation of RFC 5280 - Section I fix this by checking the
bitfield manually to see that the settings are correct.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx-devel mailing list