How to contribute fix for checking x509 extended key attrs to nginx?
savetherbtz at gmail.com
Wed Jan 11 02:58:21 UTC 2017
On Jan 10, 2017, at 3:41 PM, Ethan Rahn via nginx-devel <nginx-devel at nginx.org> wrote:
> I noticed that nginx does not check x509v3 certificates ( in event/ngx_event_openssl.c::ngx_ssl_get_client_verify as an example ) to see that the optional extended key usage settings are correct. I have a patch for this that I would like to contribute, but I'm unable to find contribution guidelines on the nginx web-site.
> The effect of this issue is that someone could offer a client certificate that has extended key usage set to say, serverAuth. This would be a violation of RFC 5280 - Section 126.96.36.199. I fix this by checking the bitfield manually to see that the settings are correct.
> nginx-devel mailing list
> nginx-devel at nginx.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 842 bytes
Desc: Message signed with OpenPGP
More information about the nginx-devel