Welcome! Log In Create A New Profile

How to contribute fix for checking x509 extended key attrs to nginx?

Forum List Message List New Topic Print View

Ethan Rahn via nginx-devel

January 10, 2017 06:42PM

Hello,

I noticed that nginx does not check x509v3 certificates ( in
event/ngx_event_openssl.c::ngx_ssl_get_client_verify as an example ) to see
that the optional extended key usage settings are correct. I have a patch
for this that I would like to contribute, but I'm unable to find
contribution guidelines on the nginx web-site.

The effect of this issue is that someone could offer a client certificate
that has extended key usage set to say, serverAuth. This would be a
violation of RFC 5280 - Section 4.2.1.12. I fix this by checking the
bitfield manually to see that the settings are correct.

Cheers,

Ethan
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
How to contribute fix for checking x509 extended key attrs to nginx?	Ethan Rahn via nginx-devel	583	January 10, 2017 06:42PM
Re: How to contribute fix for checking x509 extended key attrs to nginx?	Alexey Ivanov	245	January 10, 2017 10:00PM
Re: How to contribute fix for checking x509 extended key attrs to nginx?	Maxim Dounin	267	January 11, 2017 09:04AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 184

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018

How to contribute fix for checking x509 extended key attrs to nginx?

How to contribute fix for checking x509 extended key attrs to nginx?

Re: How to contribute fix for checking x509 extended key attrs to nginx?

Re: How to contribute fix for checking x509 extended key attrs to nginx?

Online Users