patch for support of SSL_CLIENT_CERT
Igor Sysoev
is at rambler-co.ru
Mon Jul 28 23:11:31 MSD 2008
On Sat, Jul 26, 2008 at 01:24:57PM +0200, Manlio Perillo wrote:
> Igor Sysoev ha scritto:
> >On Thu, Jul 24, 2008 at 12:02:50PM +0200, Manlio Perillo wrote:
> >
> >>Igor Sysoev ha scritto:
> >>>[...]
> >>>>>I'm going to change $ssl_client_cert: I want to add TABs in new line
> >>>>>begining:
> >>>>>
> >>>>>-----BEGIN CERTIFICATE-----
> >>>>> MIIFHTCCBAWgAwIBAg...
> >>>>> ...
> >>>>> ...mnshtt0=
> >>>>> -----END CERTIFICATE-----
> >>>>>
> >>>>>This will allow to pass the variable in proxied header.
> >>>>>
> >>>>>Any objections ?
> >>>>>
> >>>>Will it be readable by OpenSSL without removing the TABs?
> >>>Do you mean PEM_read_bio_X509() ?
> >>Yes.
> >>
> >>>It read it unless "-----END CERTIFICATE-----" is not TABed, i.e.:
> >>>
> >>Ok, thanks.
> >>
> >>No problems with me.
> >
> >I have decided to introduce new variable. However, I can not choose name.
> >Variants:
> >
> > $x_ssl_client_cert
> > $ssl_client_cert_as_header
> > $ssl_client_cert_tabbed
> >
> >Now I like the first one.
> >
>
> What about having $ssl_client_cert return the certificate with tabs, and
> $ssl_client_cert_raw return the "raw" certificate?
I like it. Thus $ssl_client_raw_cert will be a certificate as is and
$ssl_client_cert will be a certificate with tabs to use it
in proxy_set_header.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list