patch for support of SSL_CLIENT_CERT

Igor Sysoev is at rambler-co.ru
Wed Jul 23 21:07:38 MSD 2008


On Tue, Jul 22, 2008 at 02:02:40PM +0200, Manlio Perillo wrote:

> Igor Sysoev ha scritto:
> >On Fri, Jun 13, 2008 at 06:26:10PM +0400, Igor Sysoev wrote:
> >
> >>On Tue, Jun 10, 2008 at 04:38:32PM +0200, Manlio Perillo wrote:
> >>
> >>>I have written a patch for adding support to the SSL_CLIENT_CERT 
> >>>variable.
> >>>
> >>>This variable containt the "full" client SSL certificate, in PEP format, 
> >>>so that an application can load the certificate and use it.
> >>>
> >>>
> >>>Igor, do you think that this can go into Nginx?
> >>Yes, thank you.
> >
> >I'm going to change $ssl_client_cert: I want to add TABs in new line 
> >begining:
> >
> >-----BEGIN CERTIFICATE-----
> >	MIIFHTCCBAWgAwIBAg...
> >	...
> >	...mnshtt0=
> >	-----END CERTIFICATE-----
> >
> >This will allow to pass the variable in proxied header.
> >
> >Any objections ?
> >
> 
> Will it be readable by OpenSSL without removing the TABs?

Do you mean PEM_read_bio_X509() ?
It read it unless "-----END CERTIFICATE-----" is not TABed, i.e.:

-----BEGIN CERTIFICATE-----
	MIIFHTCCBAWgAwIBAg...
	...
	...mnshtt0=
-----END CERTIFICATE-----


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list