Opened 7 years ago

Closed 4 years ago

#366 closed enhancement (fixed)

Feature that return ssl_client_s_dn according to the RFC 2253

Reported by: Axel Perrier Owned by:
Priority: minor Milestone:
Component: nginx-module Version:
Keywords: ssl Cc:
uname -a: Linux vm_AP2 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.4.1
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --prefix=/nginx --user=nginx

Description

It would be great if there is a way to get the subject dn in the rfc 2253 as Apache since the 2.3 version. Here is the RFC http://www.ietf.org/rfc/rfc2253.txt.

I think about an option that permit get this kind of behaviour.

Change History (3)

comment:1 by Maxim Dounin, 7 years ago

Status: newaccepted

Yes, this may be useful. See also discussion in #342 for some additional details.

comment:2 by skroll@…, 5 years ago

I implemented this as a module for myself, but it's something I could easily adapt to being a configurable option in the core SSL module.

The sample is at https://gist.github.com/skroll/64c8bfdca89d9cd286df

Would it make sense to have a setting that changed the output? X509_NAME_print_ex accepts various flags to control the output (the old format, RFC 2253, etc). If it's worth doing as an option, I'll put together a changeset for ngx_http_ssl_module.

comment:3 by Maxim Dounin, 4 years ago

Resolution: fixed
Status: acceptedclosed

Format of the $ssl_client_s_dn and $ssl_client_i_dn variables was changed in 56d6bfe6b609 to follow RFC 2253 (RFC 4514), available in 1.11.6.

Note: See TracTickets for help on using tickets.