Header SSL client certificate

Equipe R&S Netplus netplus.root at gmail.com
Mon Dec 29 16:26:51 UTC 2014


Hello,

I use nginx as a reverse-proxy.
I would like to set a header, more precisely a header that contain the SSL
client certificate.
However, the variable '$ssl_client_cert' add some character that I don't
want (like tab characters)

<<
proxy_set_header        X-SSL-CLI-CERT       $ssl_client_cert;
>>

I test with '$ssl_client_raw_cert', but the webserver in backend (here
apache) doesn't understand the certificate and return this :

<<
request failed: error reading the headers
>>

I see a previous post mentionning a workarount with 'map' (
http://forum.nginx.org/read.php?2,236546,236546) :

<<
map $ssl_client_raw_cert $a {
"~^(-.*-\n)(?<1st>[^\n]+)\n((?<b>[^\n]+)\n)?((?<c>[^\n]+)\n)?((?<d>[^\n]+)\n)?((?<e>[^\n]+)\n)?((?<f>[^\n]+)\n)?((?<g>[^\n]+)\n)?((?<h>[^\n]+)\n)?((?<i>[^\n]+)\n)?((?<j>[^\n]+)\n)?((?<k>[^\n]+)\n)?((?<l>[^\n]+)\n)?((?<m>[^\n]+)\n)?((?<n>[^\n]+)\n)?((?<o>[^\n]+)\n)?((?<p>[^\n]+)\n)?((?<q>[^\n]+)\n)?((?<r>[^\n]+)\n)?((?<s>[^\n]+)\n)?((?<t>[^\n]+)\n)?((?<v>[^\n]+)\n)?((?<u>[^\n]+)\n)?((?<w>[^\n]+)\n)?((?<x>[^\n]+)\n)?((?<y>[^\n]+)\n)?((?<z>[^\n]+)\n)?(-.*-)$"
$1st;
}
>>

But in debug log file of nginx, I have an error :

<<
[alert] 19820#0: *21 pcre_exec() failed: -8 on "
...
CERTIFICATE CONTENT
...
" using "^(-.*-
)(?<1st>[^
...
>>

I'm using nginx version 1.6.2, do you know another workaround please ?

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20141229/80be1827/attachment.html>


More information about the nginx mailing list