Re: Validate Client certificate SDN fields (CN, OU, O, etc..) at Nginx

Francis Daly
November 27, 2014 03:12AM
On Wed, Nov 26, 2014 at 11:24:45AM -0500, sandeepkolla99 wrote:

Hi there,

> I'm able to verify client certificate successfully. Now, additionally I want
> to perform the following three validations on client certificate

You have $ssl_client_s_dn.

If you want to stay purely in nginx.conf, can you use "map" or another
regex match to extract the parts that you want into whatever variables
you want?

If you intend to use some backend processor (proxy_pass, fastcgi_pass),
then potentially you could send the variables or the certificate there
for validation.

Or you could use one of the embedded languages to access the same
variables.

I am not aware that stock nginx auto-creates extra variables beyond those
which are in the documentation -- if you want more, you do it yourself.

> I'm trying to find the nginx configuration statements to implement these
> validations. Please let me know if I need to elaborate this further.

Use "if" to compare (bits of) $ssl_client_s_dn with the thing you want,
and act accordingly.

f
--
Francis Daly francis@daoine.org
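
The "map" and "if" approach described in the reply above, sketched as an added example that is not part of the original post. The file paths, server name, upstream address, header names and the expected O/OU/C values are placeholders, and the attribute order in the allow-list pattern is an assumption that has to match how your CA issues certificates.

```nginx
# Added example; paths, server_name, upstream and DN values are placeholders.
# nginx 1.11.6+ renders $ssl_client_s_dn in RFC 2253 form:
#   CN=client1,OU=Engineering,O=Example Corp,C=US
# Older builds (including those current when this thread was written) use:
#   /C=US/O=Example Corp/OU=Engineering/CN=client1
# which 1.11.6+ still exposes as $ssl_client_s_dn_legacy.

# Extract the CN into its own variable (http{} context).
map $ssl_client_s_dn $client_cn {
    default "";
    "~(?:^|,)CN=(?<cn>[^,]+)" $cn;
}

# Allow-list decision. The pattern is anchored to the whole DN so that
# "OU=Engineering" embedded inside another attribute's value cannot match.
map $ssl_client_s_dn $dn_allowed {
    default 0;
    "~^CN=[A-Za-z0-9._-]+,OU=Engineering,O=Example Corp,C=US$" 1;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate        /etc/nginx/tls/server.crt;
    ssl_certificate_key    /etc/nginx/tls/server.key;
    ssl_client_certificate /etc/nginx/tls/clients-ca.pem;
    ssl_verify_client      on;

    location / {
        # Chain verification already passed; now reject on DN contents.
        if ($dn_allowed = 0) {
            return 403;
        }
        # These overwrite any same-named headers the client sent itself.
        proxy_set_header X-Client-CN $client_cn;
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

On a build older than 1.11.6 the same structure applies, but both patterns have to be rewritten for the slash-separated form.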
