I have written a patch for adding support to the SSL_CLIENT_CERT
variable.
This variable containt the “full” client SSL certificate, in PEP format,
so that an application can load the certificate and use it.
Igor, do you think that this can go into Nginx?
Regards Manlio P.
Manlio P. ha scritto:
I have written a patch for adding support to the SSL_CLIENT_CERT variable.
This variable containt the “full” client SSL certificate, in PEP format,
so that an application can load the certificate and use it.Igor, do you think that this can go into Nginx?
Sorry, there is a fprintf/fflush in the code that should be removed.
Regards Manlio P.
On Tue, Jun 10, 2008 at 04:38:32PM +0200, Manlio P. wrote:
I have written a patch for adding support to the SSL_CLIENT_CERT variable.
This variable containt the “full” client SSL certificate, in PEP format,
so that an application can load the certificate and use it.Igor, do you think that this can go into Nginx?
Yes, thank you.
On Fri, Jun 13, 2008 at 06:26:10PM +0400, Igor S. wrote:
Yes, thank you.
I’m going to change $ssl_client_cert: I want to add TABs in new line
begining:
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAg…
…
…mnshtt0=
-----END CERTIFICATE-----
This will allow to pass the variable in proxied header.
Any objections ?
On Tue, Jul 22, 2008 at 02:02:40PM +0200, Manlio P. wrote:
…mnshtt0=
-----END CERTIFICATE-----This will allow to pass the variable in proxied header.
Any objections ?
Will it be readable by OpenSSL without removing the TABs?
Do you mean PEM_read_bio_X509() ?
It read it unless “-----END CERTIFICATE-----” is not TABed, i.e.:
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAg…
…
…mnshtt0=
-----END CERTIFICATE-----
Igor S. ha scritto:
This will allow to pass the variable in proxied header.
Any objections ?
Will it be readable by OpenSSL without removing the TABs?
Do you mean PEM_read_bio_X509() ?
Yes.
It read it unless “-----END CERTIFICATE-----” is not TABed, i.e.:
Ok, thanks.
No problems with me.
Manlio P.
Igor S. ha scritto:
Igor, do you think that this can go into Nginx?
This will allow to pass the variable in proxied header.Any objections ?
Will it be readable by OpenSSL without removing the TABs?
Regards Manlio P.
On Fre 25.07.2008 20:20, Igor S. wrote:
I have decided to introduce new variable. However, I can not choose
name. Variants:$x_ssl_client_cert $ssl_client_cert_as_header $ssl_client_cert_tabbedNow I like the first one.
$ssl_client_cert_as_header +1
Aleks
On Thu, Jul 24, 2008 at 12:02:50PM +0200, Manlio P. wrote:
It read it unless “-----END CERTIFICATE-----” is not TABed, i.e.:
Ok, thanks.
No problems with me.
I have decided to introduce new variable. However, I can not choose
name.
Variants:
$x_ssl_client_cert
$ssl_client_cert_as_header
$ssl_client_cert_tabbed
Now I like the first one.
Igor S. ha scritto:
…mnshtt0=
It read it unless “-----END CERTIFICATE-----” is not TABed, i.e.:
$ssl_client_cert_tabbedNow I like the first one.
What about having $ssl_client_cert return the certificate with tabs, and
$ssl_client_cert_raw return the “raw” certificate?
Manlio P.
On 7/26/08, Manlio P. [email protected] wrote:
What about having $ssl_client_cert return the certificate with tabs, and
$ssl_client_cert_raw return the “raw” certificate?
i like this idea +1
On Sat, Jul 26, 2008 at 01:24:57PM +0200, Manlio P. wrote:
…
$ssl_client_cert_as_header $ssl_client_cert_tabbedNow I like the first one.
What about having $ssl_client_cert return the certificate with tabs, and
$ssl_client_cert_raw return the “raw” certificate?
I like it. Thus $ssl_client_raw_cert will be a certificate as is and
$ssl_client_cert will be a certificate with tabs to use it
in proxy_set_header.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs