Feature request ?
francis at daoine.org
Mon Nov 21 14:44:18 UTC 2016
On Mon, Nov 21, 2016 at 09:28:06AM +1100, Alex Samad wrote:
> But I find that the amount of information about the client cert is very
> limited. compared to say squid / apache.
> For example I looking for end date for the client cert. It would be nice
> if this sort of information could be provided by env variables .. instead
> of me having to process the raw pem format on every request.
Either nginx has to do the work to present the information for all
requests for all users; or you have to do it for your use case.
I suspect that what nginx currently does is mostly "what seemed useful
to many people", with a bit of "someone wrote the code".
For example: why do you care about the certificate end date?
You should (in general) care what the result of client certificate
verification is, which (I hope) includes a date check. If you have a
special use case that wants the end-date for some other reason, then
you get to write the code for your special case.
I guess that it is possible that, if it is believed that information is
generally useful, it could be auto-exposed by nginx. Possibly the reason
it is not, is that no-one has asked for it.
Francis Daly francis at daoine.org
More information about the nginx