patch for support of SSL_CLIENT_CERT
Igor Sysoev
is at rambler-co.ru
Wed Jul 23 21:07:38 MSD 2008
On Tue, Jul 22, 2008 at 02:02:40PM +0200, Manlio Perillo wrote:
> Igor Sysoev ha scritto:
> >On Fri, Jun 13, 2008 at 06:26:10PM +0400, Igor Sysoev wrote:
> >
> >>On Tue, Jun 10, 2008 at 04:38:32PM +0200, Manlio Perillo wrote:
> >>
> >>>I have written a patch for adding support to the SSL_CLIENT_CERT
> >>>variable.
> >>>
> >>>This variable containt the "full" client SSL certificate, in PEP format,
> >>>so that an application can load the certificate and use it.
> >>>
> >>>
> >>>Igor, do you think that this can go into Nginx?
> >>Yes, thank you.
> >
> >I'm going to change $ssl_client_cert: I want to add TABs in new line
> >begining:
> >
> >-----BEGIN CERTIFICATE-----
> > MIIFHTCCBAWgAwIBAg...
> > ...
> > ...mnshtt0=
> > -----END CERTIFICATE-----
> >
> >This will allow to pass the variable in proxied header.
> >
> >Any objections ?
> >
>
> Will it be readable by OpenSSL without removing the TABs?
Do you mean PEM_read_bio_X509() ?
It read it unless "-----END CERTIFICATE-----" is not TABed, i.e.:
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAg...
...
...mnshtt0=
-----END CERTIFICATE-----
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list