How to contribute fix for checking x509 extended key attrs to nginx?

Alexey Ivanov savetherbtz at
Wed Jan 11 02:58:21 UTC 2017

On Jan 10, 2017, at 3:41 PM, Ethan Rahn via nginx-devel <nginx-devel at> wrote:
> Hello,
> I noticed that nginx does not check x509v3 certificates ( in event/ngx_event_openssl.c::ngx_ssl_get_client_verify as an example ) to see that the optional extended key usage settings are correct. I have a patch for this that I would like to contribute, but I'm unable to find contribution guidelines on the nginx web-site.

> The effect of this issue is that someone could offer a client certificate that has extended key usage set to say, serverAuth. This would be a violation of RFC 5280 - Section I fix this by checking the bitfield manually to see that the settings are correct.
> Cheers,
> Ethan
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the nginx-devel mailing list