[PATCH] Mail: send starttls flag value to auth script

Maxim Dounin mdounin at mdounin.ru
Mon Mar 2 14:14:52 UTC 2015


On Mon, Mar 02, 2015 at 01:12:44PM +0100, Michael Kliewe wrote:

> with your changes there is a problem:
> nginx now just sends the header if the connection is encrypted. 
> If the connection is not encrypted, then there is no header sent 
> to the auth script.
> In the auth script I cannot distinguish between "user did not 
> use encryption" and "nginx doesn't have the feature" (because of 
> mixed nginx versions).
> With the original version of the patch this was possible.

Try updating all your nginx instances before using the header for 
something limiting, it is expected to resolve your problem.

Either way, the only safe thing to do if "nginx doesn't have the 
feature" is to assume there is no SSL if SSL matters.  And that's 
what current behaviour encourages.

Maxim Dounin

More information about the nginx-devel mailing list