How to contribute fix for checking x509 extended key attrs to nginx?
erahn at arista.com
Tue Jan 10 23:41:14 UTC 2017
I noticed that nginx does not check x509v3 certificates ( in
event/ngx_event_openssl.c::ngx_ssl_get_client_verify as an example ) to see
that the optional extended key usage settings are correct. I have a patch
for this that I would like to contribute, but I'm unable to find
contribution guidelines on the nginx web-site.
The effect of this issue is that someone could offer a client certificate
that has extended key usage set to say, serverAuth. This would be a
violation of RFC 5280 - Section 220.127.116.11. I fix this by checking the
bitfield manually to see that the settings are correct.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx-devel