Opened 11 years ago

Closed 11 years ago

#449 closed enhancement (worksforme)

New variable for SubjectAltName in the client SSL certificate

Reported by: Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.3.x
Keywords: client-certificate ssl SubjectAltName Cc:
uname -a:
nginx -V: nginx version: nginx/1.4.3
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/ --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_spdy_module --with-http_ssl_module --with-http_stub_status_module --with-http_addition_module --with-http_degradation_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_sub_module


Some new authentification systems like WebID-TLS [1] require to access to the SubjectAltName field of the client SSL X509 certificate.

Currently, to the best of our knowledge, no variable defined in SSL module [2] can extract this information. It would be nice to have a variable similar to $ssl_client_s_dn for this specific field or a general variable for the full certificate.


Change History (1)

comment:1 by Maxim Dounin, 11 years ago

Resolution: worksforme
Status: newclosed

A client certificate can be obtained via $ssl_client_cert and $ssl_client_raw_cert variables.

Note: See TracTickets for help on using tickets.