Re: Verify Upstream SSL Certs

Maxim Dounin
August 28, 2013 04:56AM
Hello!

On Wed, Aug 28, 2013 at 09:20:46AM +0100, Phil Parker wrote:

> This has been discussed in detail previously:
>
> http://trac.nginx.org/nginx/ticket/13
> http://mailman.nginx.org/pipermail/nginx-devel/2011-September/001182.html
>
> I have created a patch that I'm using locally and would like to contribute
> but am a first-time contributor so looking for advice.

Given the fact that Aviram Cohen's patch for the same ticket is
already in the review process, I would suggest that you join
review/testing instead.

See this thread for details:
http://mailman.nginx.org/pipermail/nginx-devel/2013-August/004085.html

> The way I've implemented it supports two (mutually exclusive) new
> directives on a location. e.g.
>
> location / {
>     proxy_ssl_peer_certificate_path "/tmp/sslcerts";
>     #proxy_ssl_peer_certificate_file "/tmp/sslcerts/cert.pem";
>     proxy_pass ....
> }
>
> These are passed through to SSL_CTX_load_verify_locations (
> http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html)

Just a side note: we don't provide "_path" variants for other
certificate verification directives, so it's unlikely it will be
accepted for a proxy peer verification.

> The main advice I'm looking for:
>
> 1) Is this implemented in a way that is useful for others?
> 2) Should I be writing tests/test driving? If so, how?

Writing tests may make sense (though it is not required); the test suite is
available at http://hg.nginx.org/nginx-tests.

> 3) Anything in the patch (below) that needs to be changed (implementation
> or style)?
> 4) How best to submit the patch (I've currently made it against 1.4.2 and
> just created a patch file, not currently a Mercurial user but can check-out
> if necessary)?

Basic recommendations can be found here:

http://nginx.org/en/docs/contributing_changes.html

[...]

--
Maxim Dounin
http://nginx.org/en/donation.html

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel