How to read all client chain certificates from fastcgi request

Hi,

I configured my nginx with openssl as below:
server {
listen 443;
server_name localhost;

    ssl                  on;
    ssl_certificate     <Combined Server certificate and Root CA

certificate>
ssl_certificate_key
ssl_client_certificate

    ssl_verify_client on;
    ssl_verify_depth 3;

    ssl_session_cache shared:SSL:64k;
    ssl_session_timeout  10m;

    ssl_ciphers  HIGH:!aNULL:!MD5;

}

From client code I am sending client certificate as bellow
RootCA → IntermediateCA → Client

By using curl :
curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, “PEM”);
curl_easy_setopt(curl,CURLOPT_SSLCERT,“ClientCom.crt”); // This
file
having three certificates

  if (pPassphrase)
    curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

  curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");

  curl_easy_setopt(curl,CURLOPT_SSLKEY,"ClientKey.pem");
  curl_easy_setopt(curl,CURLOPT_CAINFO,"RootCA.crt");

My Server Code: As soon as nginx server gets any request from client,
below
call would be triggered from my Server as below.
ReadTLSSessionData (FCGX_Request *request)
{
FCGX_GetParam(“SSL_CLIENT_RAW_CERT”, request->envp);
FCGX_GetParam(“SSL_CLIENT_CERT”, request->envp);
}

Here I am receiving only one certificate from these environmental
variables.
But, I want to read all three certificates which client sending in PEM
format. Then I have to verify the extensions.

What is the environmental variable which gives all certificates from
client???

Below is my fastcgi.conf file:
fastcgi_param SSL_CLIENT_CERT $ssl_client_cert;
fastcgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;
fastcgi_param SSL_CLIENT_SERIAL $ssl_client_serial;

Can anybody help me in this aspect!!!

Regards,
Sravana

Posted at Nginx Forum: