Opened 20 months ago
Last modified 20 months ago
#2476 closed defect
Does the nginx supports sending the whole chain of client certificates over the ssl_client_escaped_cert — at Initial Version
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | critical | Milestone: | |
| Component: | nginx-module | Version: | 1.22.x |
| Keywords: | client-certificate-chain, client-auth | Cc: | Preetham777@… |
| uname -a: | Linux rocky8 | ||
| nginx -V: |
```
bash-4.4# nginx -V nginx version: nginx/1.22.1 built by gcc 8.5.0 20210514 (Red Hat 8.5.0-16) (GCC) built with OpenSSL 1.1.1k FIPS 25 Mar 2021 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_auth_request_module --with-http_degradation_module --add-dynamic-module=./3rd_party/njs-master/nginx --with-threads --with-stream --with-stream_ssl_module --with-file-aio --with-pcre-jit --without-pcre2 --with-mail --with-mail_ssl_module --with-http_drain_module --with-http_slice_module --with-http_v2_module --with-http_random_index_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_xslt_module --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --without-http_autoindex_module --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/wsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --add-module=./3rd_party/nginx_upstream_check_module --add-module=./3rd_party/nginx-sticky-module --add-module=./3rd_party/nginx-module-sts-master --add-module=./3rd_party/nginx-module-stream-sts-master --add-module=./3rd_party/nginx-module-vts-master --add-module=./3rd_party/ngx_devel_kit-0.3.0 --add-module=./3rd_party/lua-nginx-module-0.10.19 --add-module=./3rd_party/echo-nginx-module-master --add-module=./3rd_party/headers-more-nginx-module-master --add-module=./3rd_party/lua-upstream-nginx-module-master --add-module=./3rd_party/stream-lua-nginx-module-0.0.9 --add-module=./3rd_party/ngx_http_proxy_connect_module-master --add-module=./3rd_party/nginx_cookie_flag_module-master --add-module=./3rd_party/nginx_ajp_module-0.3.2 --add-module=./3rd_party/set-misc-nginx-module-0.32 --add-module=./3rd_party/ngx_http_substitutions_filter_module-master --add-dynamic-module=./3rd_party/ModSecurity-nginx-1.0.3 --with-ld-opt=-Wl,-rpath ``` |
||
Description
Hi Team,
I'm trying a setup where the client cert auth is enabled to optional_on_ca, and when the curl is initiated with client cert which is the chain of certificate ( in the order of client, inter CA, root CA cert). But when checked in the header ssl-client-cert only the client cert is being added and interCA and rootCA are discarded.
Is is supported by Nginx and if so yes is there any documentation on the same?
Note:
See TracTickets
for help on using tickets.
