how to get common name from client cert in TLS connection instead of HTTPS
B.R.
reallfqq-nginx at yahoo.fr
Fri Sep 16 07:26:49 UTC 2016
It seems the variable you are referring to belongs to the
ngx_http_ssl_module, suitable for HTTPS, not in the ngx_stream_ssl_module,
suitable for generic TLS.
---
*B. R.*
On Fri, Sep 16, 2016 at 5:19 AM, Albert Zhang <albert at plumewifi.com> wrote:
> How to get the common name from the client cert in a TLS connection instead of
> HTTPS? I am using TLS, not HTTPS, and want to get the common name from the client
> cert using the nginx plus AMI on AWS.
> I am using AWS ELB (SSL) + nginx client certificate SSL. I know to use
> $ssl_client_s_dn, but how do I get/compare the value? Here is my config:
> stream {
>     upstream stream_backend {
>         server 10.252.1.131:1983;
>         server 10.252.1.131:2983;
>     }
>     server {
>         listen 4443 ssl;
>         proxy_pass stream_backend;
>         proxy_ssl on;
>         proxy_ssl_certificate /etc/ssl/certs/server.crt;
>         proxy_ssl_certificate_key /etc/ssl/certs/server.key;
>         proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>         proxy_ssl_ciphers HIGH:!aNULL:!MD5;
>         # proxy_ssl_client_certificate /etc/ssl/certs/ca.pem;
>         proxy_ssl_trusted_certificate /etc/ssl/certs/ca.pem;
>         #proxy_ssl_session_reuse on;
>         proxy_ssl_verify on;
>         proxy_ssl_verify_depth 4;
>         # proxy_ssl_verify_client optional;
>         ssl_certificate /etc/ssl/certs/server.crt;
>         ssl_certificate_key /etc/ssl/certs/server.key;
>         ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>         ssl_ciphers HIGH:!aNULL:!MD5;
>         ssl_session_cache shared:SSL:20m;
>         ssl_session_timeout 4h;
>         ssl_handshake_timeout 30s;
>     }
>
> }
>
> albert
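
For the HTTPS case the reply refers to, here is an added example (not from the thread or the nginx project) of reading and comparing the common name through `$ssl_client_s_dn` in the `http` context. The allowlisted names, the `X-Client-CN` header, the backend address and the assumption that the subject DN is rendered comma-separated with CN first are all illustrative.

```nginx
# Added example: http{} context, where $ssl_client_s_dn is available.
# Certificate paths are reused from the posted config; everything else is a placeholder.
http {
    # Pull the CN out of the subject DN. Assumes a DN rendered as
    # "CN=device-001.example.test,O=Example,C=US" (CN first, comma-separated).
    # Anchoring at ^ and allowing only hostname characters keeps a "CN="
    # string embedded in another attribute from being picked up.
    map $ssl_client_s_dn $client_cn {
        default "";
        ~^CN=(?<cn>[A-Za-z0-9.-]+), $cn;
    }

    # Exact-match allowlist of common names (constructed sample values).
    map $client_cn $cn_allowed {
        default 0;
        device-001.example.test 1;
        device-002.example.test 1;
    }

    server {
        listen 4443 ssl;

        ssl_certificate     /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/certs/server.key;
        ssl_protocols       TLSv1.2;

        # Listener-side client authentication. The proxy_ssl_* directives
        # only affect the connection nginx opens to the upstream; these
        # are what make nginx request and verify the client's certificate.
        ssl_client_certificate /etc/ssl/certs/ca.pem;
        ssl_verify_client      on;
        ssl_verify_depth       4;

        # Certificate chain already verified; now require an allowlisted CN.
        if ($cn_allowed = 0) {
            return 403;
        }

        location / {
            # Hypothetical header name for passing the CN to the backend.
            proxy_set_header X-Client-CN $client_cn;
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

A DN that does not match the anchored pattern leaves `$client_cn` empty, so the request falls through to the `default 0` branch and is rejected.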