[prev in list] [next in list] [prev in thread] [next in thread]
List: nginx
Subject: Header SSL client certificate
From: "Equipe R&S Netplus" <netplus.root () gmail ! com>
Date: 2014-12-29 16:26:51
Message-ID: CAGeXBwM=u5RQ_iR64Hhe4qd8j0zULvzqrRs1Svuv1nLhtYmUow () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello,
I use nginx as a reverse-proxy.
I would like to set a header, more precisely a header that contain the SSL
client certificate.
However, the variable '$ssl_client_cert' add some character that I don't
want (like tab characters)
<<
proxy_set_header X-SSL-CLI-CERT $ssl_client_cert;
>>
I test with '$ssl_client_raw_cert', but the webserver in backend (here
apache) doesn't understand the certificate and return this :
<<
request failed: error reading the headers
>>
I see a previous post mentionning a workarount with 'map' (
http://forum.nginx.org/read.php?2,236546,236546) :
<<
map $ssl_client_raw_cert $a {
"~^(-.*-\n)(?<1st>[^\n]+)\n((?<b>[^\n]+)\n)?((?<c>[^\n]+)\n)?((?<d>[^\n]+)\=
n)?((?<e>[^\n]+)\n)?((?<f>[^\n]+)\n)?((?<g>[^\n]+)\n)?((?<h>[^\n]+)\n)?((?<=
i>[^\n]+)\n)?((?<j>[^\n]+)\n)?((?<k>[^\n]+)\n)?((?<l>[^\n]+)\n)?((?<m>[^\n]=
+)\n)?((?<n>[^\n]+)\n)?((?<o>[^\n]+)\n)?((?<p>[^\n]+)\n)?((?<q>[^\n]+)\n)?(=
(?<r>[^\n]+)\n)?((?<s>[^\n]+)\n)?((?<t>[^\n]+)\n)?((?<v>[^\n]+)\n)?((?<u>[^=
\n]+)\n)?((?<w>[^\n]+)\n)?((?<x>[^\n]+)\n)?((?<y>[^\n]+)\n)?((?<z>[^\n]+)\n=
)?(-.*-)$"
$1st;
}
>>
But in debug log file of nginx, I have an error :
<<
[alert] 19820#0: *21 pcre_exec() failed: -8 on "
...
CERTIFICATE CONTENT
...
" using "^(-.*-
)(?<1st>[^
...
>>
I'm using nginx version 1.6.2, do you know another workaround please ?
Thank you.
[Attachment #5 (text/html)]
<div dir="ltr"><div><div><div><div><div>Hello,<br><br>I use nginx as a \
reverse-proxy.<br>I would like to set a header, more precisely a header that contain \
the SSL client certificate.<br></div>However, the variable '$ssl_client_cert' \
add some character that I don't want (like tab \
characters)<br><br><<<br>proxy_set_header X-SSL-CLI-CERT \
$ssl_client_cert;<br>>><br><br></div>I test with \
'$ssl_client_raw_cert', but the webserver in backend (here apache) \
doesn't understand the certificate and return this :<br><br><<<br>request \
failed: error reading the headers<br>>><br><br></div>I see a previous post \
mentionning a workarount with 'map' (<a \
href="http://forum.nginx.org/read.php?2,236546,236546">http://forum.nginx.org/read.php?2,236546,236546</a>) \
:<br><br><<<br>map $ssl_client_raw_cert $a \
{<br>"~^(-.*-\n)(?<1st>[^\n]+)\n((?<b>[^\n]+)\n)?((?<c>[^\n]+)\ \
n)?((?<d>[^\n]+)\n)?((?<e>[^\n]+)\n)?((?<f>[^\n]+)\n)?((?<g>[^ \
\n]+)\n)?((?<h>[^\n]+)\n)?((?<i>[^\n]+)\n)?((?<j>[^\n]+)\n)?((?<k \
>[^\n]+)\n)?((?<l>[^\n]+)\n)?((?<m>[^\n]+)\n)?((?<n>[^\n]+)\n)?(( \
?<o>[^\n]+)\n)?((?<p>[^\n]+)\n)?((?<q>[^\n]+)\n)?((?<r>[^\n]+) \
\n)?((?<s>[^\n]+)\n)?((?<t>[^\n]+)\n)?((?<v>[^\n]+)\n)?((?<u>[ \
^\n]+)\n)?((?<w>[^\n]+)\n)?((?<x>[^\n]+)\n)?((?<y>[^\n]+)\n)?((?<z>[^\n]+)\n)?(-.*-)$"
$1st;<br>}<br>>><br><br></div>But in debug log file of nginx, I have an error \
:<br><br><<<br>[alert] 19820#0: *21 pcre_exec() failed: -8 on \
"<br>...<br></div>CERTIFICATE CONTENT<br><div>...<br>" using \
"^(-.*-<br>)(?<1st>[^<br>...<br>>><br><div><br></div><div>I'm \
using nginx version 1.6.2, do you know another workaround please \
?<br><br></div><div>Thank you.<br><br></div></div></div>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic