PSK Support

Karstens, Nate Nate.Karstens at garmin.com
Wed Jun 14 01:10:55 UTC 2017


OK, sounds good to me! I'll hopefully have some new patches available in a couple of days.

Any thoughts on using regular expressions to validate the format of the password file and extract strings? Specifically, does any string matching have to use regular expressions (protected by NGX_PCRE), or is the use of regular expressions optional?

Nate

-----Original Message-----
From: nginx-devel [mailto:nginx-devel-bounces at nginx.org] On Behalf Of Maxim Dounin
Sent: Tuesday, June 13, 2017 9:55 AM
To: nginx-devel at nginx.org
Subject: Re: PSK Support

Hello!

On Fri, Jun 09, 2017 at 03:40:15AM +0000, Karstens, Nate wrote:

> Maxim,
>
> OK, we can skip the patch for turning off the certificate warnings
> (and just use a dummy certificate) and just support a single PSK file.
>
> The {HEX} prefix seems OK. I think it would also be good to support an
> {ASC}. It is unlikely that anyone would have an ASCII-based PSK that
> starts with {HEX}, but using {ASC} would provide a way to prevent
> that case.

If somebody wants to use a key which starts with {HEX}, an obvious solution would be to convert it to hex.  Supporting an additional prefix for plain-text keys might be an option too (in auth_basic it is called {PLAIN}, see nginx.org/r/auth_basic_user_file), but I think that it would be good to interpret non-prefixed keys in a way compatible with stunnel.  So there will be 3 options:

identity:key
identity:{PLAIN}key
identity:{HEX}6b6579

> Also, instead of referring to text-based PSKs as ASCII, maybe they
> should be UTF8-encoded and referred to as {TXT}?

I would rather avoid saying anything about character encoding, much like nginx does in most of the other places.  The {PLAIN} seems to be neutral enough.

--
Maxim Dounin
http://nginx.org/
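
[Added example, not part of the thread and not nginx code] A sketch of decoding the three line forms listed above with plain string functions, including the case of a text key that itself begins with {HEX}. The function name psk_parse_line is hypothetical; it assumes the line is split at the first ':', prefixes are matched case-sensitively, and an unprefixed key is taken as literal bytes.

```c
#include <stdio.h>
#include <string.h>

static int hex_val(char c)   /* value of one hex digit, or -1 */
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper (not nginx code): decode one "identity:key" line,
 * without its newline, into raw key bytes. Returns the key length, or -1
 * if the line is malformed; *id_len receives the identity length.
 * Assumed: first ':' splits, exact-case prefixes, unprefixed = literal. */
int psk_parse_line(const char *line, size_t *id_len,
                   unsigned char *key, size_t key_max)
{
    const char *val = strchr(line, ':');
    size_t n, i;
    if (val == NULL || val == line) return -1;   /* no ':' or empty identity */
    *id_len = (size_t) (val - line);
    val++;
    if (strncmp(val, "{HEX}", 5) == 0) {
        val += 5;
        n = strlen(val);
        if (n == 0 || n % 2 != 0 || n / 2 > key_max) return -1;
        for (i = 0; i < n; i += 2) {
            int hi = hex_val(val[i]), lo = hex_val(val[i + 1]);
            if (hi < 0 || lo < 0) return -1;     /* non-hex character */
            key[i / 2] = (unsigned char) (hi << 4 | lo);
        }
        return (int) (n / 2);
    }
    if (strncmp(val, "{PLAIN}", 7) == 0) val += 7;   /* explicit literal key */
    n = strlen(val);
    if (n == 0 || n > key_max) return -1;
    memcpy(key, val, n);
    return (int) n;
}

int main(void)
{
    unsigned char key[64];
    size_t id_len = 0;
    int n = psk_parse_line("client1:{HEX}6b6579", &id_len, key, sizeof(key));
    printf("identity length %zu, key length %d\n", id_len, n); /* constructed input */
    return 0;
}
```

Odd-length or non-hex {HEX} values and keys longer than the caller's buffer are rejected rather than truncated.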


