patch for support of SSL_CLIENT_CERT
Manlio Perillo
manlio_perillo at libero.it
Sat Jul 26 15:24:57 MSD 2008
Igor Sysoev ha scritto:
> On Thu, Jul 24, 2008 at 12:02:50PM +0200, Manlio Perillo wrote:
>
>> Igor Sysoev ha scritto:
>>> [...]
>>>>> I'm going to change $ssl_client_cert: I want to add TABs in new line
>>>>> begining:
>>>>>
>>>>> -----BEGIN CERTIFICATE-----
>>>>> MIIFHTCCBAWgAwIBAg...
>>>>> ...
>>>>> ...mnshtt0=
>>>>> -----END CERTIFICATE-----
>>>>>
>>>>> This will allow to pass the variable in proxied header.
>>>>>
>>>>> Any objections ?
>>>>>
>>>> Will it be readable by OpenSSL without removing the TABs?
>>> Do you mean PEM_read_bio_X509() ?
>> Yes.
>>
>>> It read it unless "-----END CERTIFICATE-----" is not TABed, i.e.:
>>>
>> Ok, thanks.
>>
>> No problems with me.
>
> I have decided to introduce new variable. However, I can not choose name.
> Variants:
>
> $x_ssl_client_cert
> $ssl_client_cert_as_header
> $ssl_client_cert_tabbed
>
> Now I like the first one.
>
What about having $ssl_client_cert return the certificate with tabs, and
$ssl_client_cert_raw return the "raw" certificate?
Manlio Perillo
More information about the nginx
mailing list