On 26 November 2013 22:48, Radha Venkatesh (radvenka)
<radvenka@cisco.com> wrote:
> Jonathan,
>
> The requirement is that we match an existing hostname entry in /etc/hosts with the Client certificate CN (CN has to be the hostname of the client).

That's not really saying anything /new/, is it? ;-)

Here are some examples of different things that your requirement could mean:

1) Do you want to ensure that the CN that is presented merely *exists*
in /etc/hosts?
2) Do you want to ensure that the connection came from an IP that the
CN's entry in /etc/hosts matches?
3) Both of #1 and #2 combined?

Please give some representative examples of CNs being presented,
/etc/hosts contents, and the allow/deny behaviour you want to see
based on those combinations. Your requirement, whilst obvious and
clear to yourself, is not clear to some people (well, me at least!) as
they don't have their head deep inside your project.

Regards,
Jonathan

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx