id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
449	New variable for SubjectAltName in the client SSL certificate	openid.bcgl.fr/benjamin		"Some new authentification systems like WebID-TLS [1] require to access to the SubjectAltName field of the client SSL X509 certificate.

Currently, to the best of our knowledge, no variable defined in SSL module [2] can extract this information.  It would be nice to have a variable similar to $ssl_client_s_dn for this specific field or a general variable for the full certificate.


[1] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#the-certificate
[2] http://nginx.org/en/docs/http/ngx_http_ssl_module.html
"	enhancement	closed	minor		nginx-module	1.3.x	worksforme	client-certificate ssl SubjectAltName			"nginx version: nginx/1.4.3
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_spdy_module --with-http_ssl_module --with-http_stub_status_module --with-http_addition_module --with-http_degradation_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_sub_module
"