Opened 10 years ago
Closed 7 years ago
#366 closed enhancement (fixed)
Feature that returns ssl_client_s_dn according to RFC 2253
|Reported by:||Axel Perrier||Owned by:|
|uname -a:||Linux vm_AP2 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux|
nginx version: nginx/1.4.1
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --prefix=/nginx --user=nginx
It would be great if there were a way to get the subject DN in the RFC 2253 format, as Apache has since version 2.3. Here is the RFC: http://www.ietf.org/rfc/rfc2253.txt.
I am thinking of an option that permits this kind of behaviour.
Change History (3)
comment:1 by , 10 years ago
|Status:||new → accepted|
comment:2 by , 7 years ago
I implemented this as a module for myself, but it's something I could easily adapt to being a configurable option in the core SSL module.
The sample is at https://gist.github.com/skroll/64c8bfdca89d9cd286df
Would it make sense to have a setting that changed the output? X509_NAME_print_ex accepts various flags to control the output (the old format, RFC 2253, etc). If it's worth doing as an option, I'll put together a changeset for ngx_http_ssl_module.
comment:3 by , 7 years ago
|Status:||accepted → closed|
Format of the $ssl_client_s_dn and $ssl_client_i_dn variables was changed in 56d6bfe6b609 to follow RFC 2253 (RFC 4514), available in 1.11.6.
Yes, this may be useful. See also discussion in #342 for some additional details.
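The two output styles discussed in this ticket, the old slash-separated form and the RFC 2253 form, modelled side by side as an added example (not code from nginx, OpenSSL or the linked gist). The function names, the sample subject and the simplifications (single-valued RDNs, ASCII values, no escaping in the old form) are assumptions made for illustration.

```python
import re

# Added example: a simplified model of the two subject-DN renderings.
# Assumptions: single-valued RDNs, ASCII values, short attribute type names.
SPECIALS = ',+"\\<>;'  # characters RFC 2253 section 2.4 says must be escaped

def escape_rfc2253(value):
    """Escape one attribute value for use in an RFC 2253 string."""
    out = []
    for i, ch in enumerate(value):
        leading = i == 0 and ch in " #"
        trailing = i == len(value) - 1 and ch == " "
        out.append("\\" + ch if ch in SPECIALS or leading or trailing else ch)
    return "".join(out)

def to_legacy(rdns):
    """Old style: '/'-separated, certificate order, modelled with no escaping."""
    return "".join("/%s=%s" % (k, v) for k, v in rdns)

def to_rfc2253(rdns):
    """RFC 2253 style: ','-separated, last RDN of the certificate first."""
    return ",".join("%s=%s" % (k, escape_rfc2253(v)) for k, v in reversed(rdns))

def parse_rfc2253(dn):
    """Split an RFC 2253 string into (type, value) pairs in certificate order."""
    pairs = []
    # Each RDN is a run of escaped pairs or of characters other than ',' and '\'.
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        key, _, raw = rdn.partition("=")
        pairs.append((key, re.sub(r"\\(.)", r"\1", raw)))
    return pairs[::-1]

# Constructed sample subject, in the order the certificate encodes it.
SAMPLE = [("C", "US"), ("O", "Example, Inc."), ("OU", "Ops/Web"), ("CN", "Doe, Jane")]

if __name__ == "__main__":
    print(to_legacy(SAMPLE))    # '/' inside OU is indistinguishable from a separator
    print(to_rfc2253(SAMPLE))   # commas inside values are backslash-escaped
    print(parse_rfc2253(to_rfc2253(SAMPLE)) == SAMPLE)
```

A rule written against the old `/C=.../CN=...` string will not match the RFC 2253 value, so any configuration that compares `$ssl_client_s_dn` or `$ssl_client_i_dn` against a fixed string needs review when moving to 1.11.6 or later.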