Welcome! Log In Create A New Profile

Advanced

Re: Problem with proxy_set_header $ssl_client_cert

Sergey Budnevitch
February 25, 2013 04:00PM
On 25 Feb2013, at 18:37 , Lynoure <nginx-forum@nginx.us> wrote:

>> The $ssl_client_cert variable abuses header continuation, and this
>> doesn't work with many http servers (including nginx itself).
>
> Noticed that with spray-can.
>
>> There should be more portable way to pass client certificate to an
>> upstream server.
>
> Is there already, or is there one in plans? Any known workarounds? Encoding
> and decoding the $ssl_client_cert somehow? (I'm really new to nginx.)

You could hack ngx_ssl_get_certificate() function to get certificate in one line,
or there is an ugly, but possible way to remove limited number of newline
characters from variable with map directive:

map $ssl_client_raw_cert $a {
"~^(-.*-\n)(?<1st>[^\n]+)\n((?<b>[^\n]+)\n)?((?<c>[^\n]+)\n)?((?<d>[^\n]+)\n)?((?<e>[^\n]+)\n)?((?<f>[^\n]+)\n)?((?<g>[^\n]+)\n)?((?<h>[^\n]+)\n)?((?<i>[^\n]+)\n)?((?<j>[^\n]+)\n)?((?<k>[^\n]+)\n)?((?<l>[^\n]+)\n)?((?<m>[^\n]+)\n)?((?<n>[^\n]+)\n)?((?<o>[^\n]+)\n)?((?<p>[^\n]+)\n)?((?<q>[^\n]+)\n)?((?<r>[^\n]+)\n)?((?<s>[^\n]+)\n)?((?<t>[^\n]+)\n)?((?<v>[^\n]+)\n)?((?<u>[^\n]+)\n)?((?<w>[^\n]+)\n)?((?<x>[^\n]+)\n)?((?<y>[^\n]+)\n)?((?<z>[^\n]+)\n)?(-.*-)$" $1st;
}

server {
location / {
proxy_set_header X-cert $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$v$u$w$x$y$z;
proxy_pass http://localhost:8000;
}
}

Example works for up to 26 line certificate, you could extend it to reasonable number of lines.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Problem with proxy_set_header $ssl_client_cert

jstrybis February 24, 2013 09:41AM

Re: Problem with proxy_set_header $ssl_client_cert

Maxim Dounin February 24, 2013 01:02PM

Re: Problem with proxy_set_header $ssl_client_cert

Lynoure February 25, 2013 09:37AM

Re: Problem with proxy_set_header $ssl_client_cert

Sergey Budnevitch February 25, 2013 04:00PM

Re: Problem with proxy_set_header $ssl_client_cert

Lynoure February 26, 2013 06:27AM

Re: Problem with proxy_set_header $ssl_client_cert

jstrybis February 25, 2013 05:00PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 80
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready