<div dir="ltr">Small correction - replace magic value with sizeof().<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 9 September 2015 at 02:46, Andrey Kulikov <span dir="ltr"><<a href="mailto:amdeich@gmail.com" target="_blank">amdeich@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hello,<br><br>Please find attached patch, that add ssl_client_EKU nginx variable.<br><br>Variable contains coma-separated list of OIDs, presented in<br>client's certificate (if any). If EKU extension is absent, empty line will be returned.<br>Dot-separated form of OID choosen rather than human-readable<br>short name, as EKU may contains values OpenSSL not aware of,<br>and we receive "UNDEF" only in this case.<br>Purpose is to use in LUA scripts, or let backend server know the list of<br>EKU's, as it can contains lot more that just 'TLS Client Authentication'.<br></div><div></div>(for those who read in Russain: <a href="http://www.infotrust.ru/data/Docs/InfoTrustCP.pdf" target="_blank">http://www.infotrust.ru/data/Docs/InfoTrustCP.pdf</a> page 37, as an example)<br><br></div><div>For example directive<br> proxy_set_header X-ClientCert-EKU $ssl_client_EKU;<br></div><div>will result in following in proxied header:<br>X-ClientCert-EKU: 1.3.6.1.5.5.7.3.2,1.2.643.3.34.2.6,1.2.643.3.34.2.1<br></div><div><br></div><div>Tested on 1.8.0, 1.9.4<br></div><div><br></div>Best wishes,<br></div>Andrey<br></div>
</blockquote></div><br></div>