[PATCH] Mail: added support for SSL client certificate

Franck Levionnois flevionnois at gmail.com
Tue Mar 18 17:40:23 UTC 2014


Hello,

It doesn't seem to exist a standard for this header name. Apache and F5 let
the user choose it, but this make the configuration more complicated. I
don't think that the name is a problem, because it can be set on the
authorization server.

If the certificate is transmited, all other informations are duplicated
(except Auth-Verify). Forwarding the certificate is the most usefull,
because it can be used to make controls on its properties.

Kind regards,
Franck Levionnois.



2014-03-07 12:31 GMT+01:00 Maxim Dounin <mdounin at mdounin.ru>:

> Hello!
>
> On Fri, Mar 07, 2014 at 09:40:11AM +0100, Franck Levionnois wrote:
>
> > Hello,
> > I haven't seen any comment on this patch. Is it ok for you ?
>
> Sorry, I haven't yet had a time to look into it in detail.
>
> Most problematic part is still auth_http protocol changes - in
> particular, headers send and names used for them.  I tend to think
> there should be better names, and probably we can safely omit some
> information as duplicate/unneeded.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140318/ed546aa0/attachment-0001.html>


More information about the nginx-devel mailing list