Module's development and ssl

vchav · March 11, 2008, 1:16pm

Hi all

First, I’m sorry for my bad English My problem refers to the
development of a new module for nginx and I need to use client’s
publickey (with ssl) for authenticate the client…
I have no idea where I can found this.
Someone could give me an advice ?

Thanks in advance

vchav · March 11, 2008, 10:20pm

On Tue, Mar 11, 2008 at 01:16:33PM +0100, Chavelle V. wrote:

First, I’m sorry for my bad English My problem refers to the
development of a new module for nginx and I need to use client’s
publickey (with ssl) for authenticate the client…
I have no idea where I can found this.
Someone could give me an advice ?

There are some variables related to client’s certificate:
$ssl_client_serial serial number
$ssl_client_s_dn subejct DN
$ssl_client_i_dn issuer DN

vchav · March 12, 2008, 1:04pm

There are some variables related to client’s certificate:
$ssl_client_serial serial number
$ssl_client_s_dn subejct DN
$ssl_client_i_dn issuer DN

Thanks, I can read this to nginx wiki too :

$ssl_client_serial returns the series number of client certificate for

established SSL-connection

$ssl_client_s_dn returns line subject DN of client certificate for

established SSL-connection

$ssl_client_i_dn returns line issuer DN of client certificate for

established SSL-connection

But I don’t know how to access to them. I tried :
sscf = ngx_http_conf_get_module_loc_conf(r, ngx_http_ssl_module);
sscf->client_certificate.data;
But that don’t work.

Thanks in advance

vchav · March 12, 2008, 2:19pm

On Wed, Mar 12, 2008 at 01:04:14PM +0100, Chavelle V. wrote:

$ssl_client_i_dn returns line issuer DN of client certificate for

established SSL-connection

But I don’t know how to access to them. I tried :
sscf = ngx_http_conf_get_module_loc_conf(r, ngx_http_ssl_module);
sscf->client_certificate.data;
But that don’t work.

Look
ngx_ssl_get_subject_dn()
ngx_ssl_get_issuer_dn()
ngx_ssl_get_serial_number()

vchav · March 12, 2008, 3:50pm

Igor S. wrote:

Look
ngx_ssl_get_subject_dn()
ngx_ssl_get_issuer_dn()
ngx_ssl_get_serial_number()

ngx_ssl_get_serial_number() return me “02\n”. I would like the hash key
from public certificate. The string between BEGIN CERTIFICATE and END
CERTIFICATE. Is it possible ?

Thanks again

vchav · March 12, 2008, 7:23pm

Look ngx_ssl_get_serial_number() implementation.
It gets client certificate via
cert = SSL_get_peer_certificate(c->ssl->connection);
if (cert == NULL) {
    return NGX_OK;
}
and then using some OpenSSL functions it gets serial number.
Do the same for hash key.

Looks great ! Thanks a lot

vchav · March 12, 2008, 4:11pm

On Wed, Mar 12, 2008 at 03:50:51PM +0100, Chavelle V. wrote:

Igor S. wrote:

Look
ngx_ssl_get_subject_dn()
ngx_ssl_get_issuer_dn()
ngx_ssl_get_serial_number()

ngx_ssl_get_serial_number() return me “02\n”. I would like the hash key
from public certificate. The string between BEGIN CERTIFICATE and END
CERTIFICATE. Is it possible ?

Look ngx_ssl_get_serial_number() implementation.
It gets client certificate via

cert = SSL_get_peer_certificate(c->ssl->connection);
if (cert == NULL) {
    return NGX_OK;
}

and then using some OpenSSL functions it gets serial number.
Do the same for hash key.