How to read all client chain certificates from fastcgi request.

sravanakk nginx-forum at nginx.us
Thu May 9 09:01:17 UTC 2013


Hi,

I configured my nginx with openssl as below:
    server {
        listen       443;
        server_name  localhost;

        ssl                  on;
        ssl_certificate     <Combined Server certificate and Root CA certificate>;
        ssl_certificate_key  <Server Key>;
        ssl_client_certificate <Root CA certificate>;

        ssl_verify_client on;
        ssl_verify_depth 3;

        ssl_session_cache shared:SSL:64k;
        ssl_session_timeout  10m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
   }

From client code I am sending the client certificate as below
RootCA -> IntermediateCA -> Client

By using curl : 
      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
      curl_easy_setopt(curl,CURLOPT_SSLCERT,"ClientCom.crt"); // This file having three certificates

      if (pPassphrase)
        curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

      curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");

      curl_easy_setopt(curl,CURLOPT_SSLKEY,"ClientKey.pem");
      curl_easy_setopt(curl,CURLOPT_CAINFO,"RootCA.crt");
 
My Server Code: As soon as nginx server gets any request from client, below
call would be triggered from my Server as below.
void ReadTLSSessionData (FCGX_Request *request)
{
    /* FCGX_GetParam returns the parameter value, or NULL if it is not set */
    FCGX_GetParam("SSL_CLIENT_RAW_CERT", request->envp);
    FCGX_GetParam("SSL_CLIENT_CERT", request->envp);
}

Here I am receiving only one certificate from these environmental variables.
But, I want to read all three certificates which the client is sending in PEM
format. Then I have to verify the extensions.

What is the environmental variable which gives all certificates from
client???

Below is my fastcgi.conf file:
fastcgi_param SSL_CLIENT_CERT       $ssl_client_cert;
fastcgi_param SSL_CLIENT_RAW_CERT   $ssl_client_raw_cert;
fastcgi_param SSL_CLIENT_S_DN       $ssl_client_s_dn;
fastcgi_param SSL_CLIENT_I_DN       $ssl_client_i_dn;
fastcgi_param SSL_CLIENT_SERIAL     $ssl_client_serial;

Can anybody help me in this aspect!!!

Regards,
Sravana

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239048,239048#msg-239048
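
An added example, not code from the original post or from nginx: nginx documents `$ssl_client_cert` as PEM with every line except the first prefixed by a tab, so a FastCGI application has to remove those tabs before passing the value to a PEM parser, and counting the certificate blocks shows how many certificates actually arrived in the parameter. The helper names `unfold_client_cert` and `split_pem_certs` are hypothetical and the sample value is constructed.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

struct pem_block { const char *start; size_t len; };

/* nginx prefixes every line of $ssl_client_cert except the first with a tab.
 * Remove those tabs in place; returns the new string length. */
size_t unfold_client_cert(char *s)
{
    char *r = s, *w = s;
    while (*r) {
        *w++ = *r;
        if (*r == '\n' && r[1] == '\t')
            r++;                      /* step onto the inserted tab */
        r++;                          /* and past it (or past the copied byte) */
    }
    *w = '\0';
    return (size_t)(w - s);
}

/* Record up to max certificate blocks found in pem. Returns the number of
 * complete blocks, or -1 if a BEGIN marker has no END (truncated value). */
int split_pem_certs(const char *pem, struct pem_block *out, int max)
{
    int n = 0;
    const char *p = pem, *e;
    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        if ((e = strstr(p, PEM_END)) == NULL)
            return -1;
        e += strlen(PEM_END);
        if (n < max) {
            out[n].start = p;
            out[n].len = (size_t)(e - p);
        }
        n++;
        p = e;
    }
    return n;
}

int main(void)
{
    /* Constructed sample in the folded shape; the base64 is a placeholder. */
    char v[] = PEM_BEGIN "\n\tQ09OU1RSVUNURUQ=\n\t" PEM_END "\n";
    struct pem_block b[4];
    unfold_client_cert(v);
    printf("certificates in SSL_CLIENT_CERT: %d\n", split_pem_certs(v, b, 4));
    return 0;
}
```

In a FastCGI handler the input would be a writable copy of the string returned by `FCGX_GetParam("SSL_CLIENT_CERT", request->envp)`.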


