Opened 10 years ago

Closed 10 years ago

#449 closed enhancement (worksforme)

New variable for SubjectAltName in the client SSL certificate

Reported by: openid.bcgl.fr/benjamin
Owned by:
Priority: minor
Milestone:
Component: nginx-module
Version: 1.3.x
Keywords: client-certificate ssl SubjectAltName
Cc:
uname -a:
nginx -V: nginx version: nginx/1.4.3
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_spdy_module --with-http_ssl_module --with-http_stub_status_module --with-http_addition_module --with-http_degradation_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_sub_module

Description

Some new authentication systems like WebID-TLS [1] require access to the SubjectAltName field of the client SSL X509 certificate.

Currently, to the best of our knowledge, no variable defined in the SSL module [2] can extract this information. It would be nice to have a variable similar to $ssl_client_s_dn for this specific field or a general variable for the full certificate.

[1] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#the-certificate
[2] http://nginx.org/en/docs/http/ngx_http_ssl_module.html

Change History (1)

comment:1 by Maxim Dounin, 10 years ago

Resolution: worksforme
Status: new → closed

A client certificate can be obtained via $ssl_client_cert and $ssl_client_raw_cert variables.
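
One way a backend could read the SubjectAltName from the certificate nginx hands over, as an added example that is not part of this ticket or nginx's own code. It assumes the proxy forwards `$ssl_client_cert` (PEM with continuation lines tab-prefixed) in a request header; the function names are hypothetical and the sample certificate is a constructed, unsigned skeleton.

```python
import base64
import re

SAN_OID = bytes([0x55, 0x1D, 0x11])                     # 2.5.29.17 subjectAltName
NAME_TYPES = {0x81: "email", 0x82: "DNS", 0x86: "URI"}  # GeneralName context tags

def read_tlv(buf, pos=0):                               # -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def header_to_der(header_value):
    # Drop PEM markers and all whitespace (nginx's folding tabs included), then decode.
    body = re.sub(r"-----[A-Z ]+-----|\s", "", header_value)
    return base64.b64decode(body, validate=True)

def subject_alt_names(der):
    tbs = children(children(read_tlv(der)[1])[0][1])    # Certificate -> tbsCertificate
    for _, val in (f for f in tbs if f[0] == 0xA3):     # [3] EXPLICIT Extensions
        for _, ext in children(children(val)[0][1]):
            fields = children(ext)                      # OID, [critical], OCTET STRING
            if fields[0][1] == SAN_OID:
                names = read_tlv(fields[-1][1])[1]      # GeneralNames SEQUENCE
                return [(NAME_TYPES[t], v.decode("ascii")) for t, v in children(names) if t in NAME_TYPES]
    return []

def tlv(tag, body):                                     # sample builder, short lengths only
    return bytes([tag, len(body)]) + body

# Constructed sample: unsigned skeleton (serial number + SAN extension only), tab-folded.
_san = tlv(0x30, tlv(0x86, b"https://example.org/card#me") + tlv(0x82, b"example.org"))
_ext = tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, _san))
_der = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, _ext))))
_b64 = base64.b64encode(_der).decode()
SAMPLE_HEADER = "\n\t".join(["-----BEGIN CERTIFICATE-----", *re.findall(".{1,64}", _b64), "-----END CERTIFICATE-----"])
if __name__ == "__main__":
    print(subject_alt_names(header_to_der(SAMPLE_HEADER)))
```

The parser only reads names; it does not validate the certificate or its chain, so any trust decision still has to rest on nginx's verification result (`$ssl_client_verify`) or on the backend's own checks.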
