New SSL features for Nginx.
brice+nginx at daysofwonder.com
Tue Jul 21 22:02:05 MSD 2009
For Puppet Nginx deployment (that is, using Nginx as a front-end
load balancer to puppetmasters), I had to create the following two
patches, to match Apache behaviour:
* The first patch allows:
  + a new variant of ssl_client_verify: optional. In this mode, if the
    client sends a certificate it is verified, but if the client doesn't
    send a certificate, the connection is authorized too.
  + a new variable: $ssl_client_verify which contains, either NONE,
    SUCCESS or FAILURE depending on the verification status. It can be used
    to send information to the upstream about the client verification.
* The second patch adds CRL support to the client certificate
  Nginx then verifies the client certificate hasn't been revoked in the
  given CRL before allowing the connection to proceed.
For access to the patches, please see my last blog article:
It would be great if those patches could be merged in the official Nginx
My Blog: http://www.masterzen.fr/
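A configuration for the setup the message above describes, added here as an example and not taken from the patches or the author's blog. It uses the directive names found in released nginx (`ssl_verify_client`, `ssl_crl`), which may differ from the names in the patches; the port, paths, upstream name and `X-Client-*` header names are assumptions.

```nginx
# Added example; every path, port, address and name below is a placeholder.
upstream puppetmasters {                  # hypothetical backend pool
    server 127.0.0.1:18140;
    server 127.0.0.1:18141;
}

server {
    listen 8140 ssl;

    ssl_certificate         /etc/nginx/ssl/server.pem;   # placeholder
    ssl_certificate_key     /etc/nginx/ssl/server.key;   # placeholder

    # CA that client certificates are verified against, and the CRL that is
    # consulted before the connection is allowed to proceed.
    ssl_client_certificate  /etc/nginx/ssl/ca.pem;       # placeholder
    ssl_crl                 /etc/nginx/ssl/ca_crl.pem;   # placeholder

    # A certificate is verified when the client sends one; a client that
    # sends none is still let through, so the authorization decision is
    # left to the upstream.
    ssl_verify_client       optional;

    location / {
        # proxy_set_header replaces any header of the same name sent by the
        # client, so the upstream only ever sees the status nginx computed.
        proxy_set_header    X-Client-Verify  $ssl_client_verify;
        proxy_set_header    X-Client-DN      $ssl_client_s_dn;
        proxy_pass          http://puppetmasters;
    }
}
```

Because unauthenticated clients are admitted in optional mode, the upstream should accept the verification header only on connections that come from this proxy, for example by listening on loopback as the placeholder addresses above do.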