patch for support of SSL_CLIENT_CERT

Igor Sysoev is at rambler-co.ru
Mon Jul 28 23:11:31 MSD 2008


On Sat, Jul 26, 2008 at 01:24:57PM +0200, Manlio Perillo wrote:

> Igor Sysoev ha scritto:
> >On Thu, Jul 24, 2008 at 12:02:50PM +0200, Manlio Perillo wrote:
> >
> >>Igor Sysoev ha scritto:
> >>>[...]
> >>>>>I'm going to change $ssl_client_cert: I want to add TABs in new line 
> >>>>>begining:
> >>>>>
> >>>>>-----BEGIN CERTIFICATE-----
> >>>>>	MIIFHTCCBAWgAwIBAg...
> >>>>>	...
> >>>>>	...mnshtt0=
> >>>>>	-----END CERTIFICATE-----
> >>>>>
> >>>>>This will allow to pass the variable in proxied header.
> >>>>>
> >>>>>Any objections ?
> >>>>>
> >>>>Will it be readable by OpenSSL without removing the TABs?
> >>>Do you mean PEM_read_bio_X509() ?
> >>Yes.
> >>
> >>>It read it unless "-----END CERTIFICATE-----" is not TABed, i.e.:
> >>>
> >>Ok, thanks.
> >>
> >>No problems with me.
> >
> >I have decided to introduce new variable. However, I can not choose name.
> >Variants:
> >
> >     $x_ssl_client_cert
> >     $ssl_client_cert_as_header
> >     $ssl_client_cert_tabbed
> >
> >Now I like the first one.
> >
> 
> What about having $ssl_client_cert return the certificate with tabs, and 
> $ssl_client_cert_raw return the "raw" certificate?

I like it. Thus $ssl_client_raw_cert will be a certificate as is and
$ssl_client_cert will be a certificate with tabs to use it
in proxy_set_header.


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list