Opened 11 years ago
Closed 7 years ago
#366 closed enhancement (fixed)
Feature that return ssl_client_s_dn according to the RFC 2253
| Reported by: | Axel Perrier | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | |
| Keywords: | ssl | Cc: | |
| uname -a: | Linux vm_AP2 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.4.1
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --with-http_ssl_module --prefix=/nginx --user=nginx |
||
Description
It would be great if there is a way to get the subject dn in the rfc 2253 as Apache since the 2.3 version. Here is the RFC http://www.ietf.org/rfc/rfc2253.txt.
I think about an option that permit get this kind of behaviour.
Change History (3)
comment:1 by , 11 years ago
| Status: | new → accepted |
|---|
comment:2 by , 8 years ago
I implemented this as a module for myself, but it's something I could easily adapt to being a configurable option in the core SSL module.
The sample is at https://gist.github.com/skroll/64c8bfdca89d9cd286df
Would it make sense to have a setting that changed the output? X509_NAME_print_ex accepts various flags to control the output (the old format, RFC 2253, etc). If it's worth doing as an option, I'll put together a changeset for ngx_http_ssl_module.
comment:3 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Format of the $ssl_client_s_dn and $ssl_client_i_dn variables was changed in 56d6bfe6b609 to follow RFC 2253 (RFC 4514), available in 1.11.6.
Yes, this may be useful. See also discussion in #342 for some additional details.