[PATCH] Add ssl_client_not_before and ssl_client_not_after request
Andrey Kulikov
amdeich at gmail.com
Mon Sep 7 17:18:29 UTC 2015
Hello,
Nginx SSL module allow to use some variables:
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables
But sometimes tey are not enough.
Please find attached patch, adding two more:
$ssl_client_not_before - Validity date from client certificate 'Not Before'
$ssl_client_not_after - Validity date from client certificate 'Not After'
After applying changes you may use them in configuration along with other
variables:
location /test_headers/ {
proxy_set_header X-ClientCert-SubjectSerial $ssl_client_serial;
proxy_set_header X-ClientCert-NotBefore $ssl_client_not_before;
proxy_set_header X-ClientCert-NotAfter $ssl_client_not_after;
proxy_pass http://192.168.88.156/;
}
And it will appears in (in this case) in proxied content in the following
form:
X-ClientCert-SubjectSerial: 120005C82FBE782D06D89FF14800000005C82F
X-ClientCert-NotBefore: Jul 9 22:20:31 2015 GMT
X-ClientCert-NotAfter: Oct 9 22:30:31 2015 GMT
Tested on 1.8.0, tested that it can be cleanly applied to 1.9.4.
Feel free to ask any questions regarding this matter.
Best wishes,
Andrey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150907/b882c294/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: add_client_not_before_not_aster_var.patch
Type: text/x-patch
Size: 3964 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150907/b882c294/attachment.bin>
More information about the nginx-devel
mailing list