upstream/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2026-05-04 17:26:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
Serveur web et reverse proxy
8276 commits 23 branches 585 tags 115 MiB
C 97.7%
Vim Script 1.7%
XS 0.4%
Perl 0.1%
Find a file
Sergey Kandaurov 18afcda938 SSL: optional ssl_client_certificate for ssl_verify_client. 
Starting from TLSv1.1 (as seen since draft-ietf-tls-rfc2246-bis-00),
the "certificate_authorities" field grammar of the CertificateRequest
message was redone to allow no distinguished names.  In TLSv1.3, with
the restructured CertificateRequest message, this can be similarly
done by optionally including the "certificate_authorities" extension.
This allows to avoid sending DNs at all.

In practice, aside from published TLS specifications, all supported
SSL/TLS libraries allow to request client certificates with an empty
DN list for any protocol version.  For instance, when operating in
TLSv1, this results in sending the "certificate_authorities" list as
a zero-length vector, which corresponds to the TLSv1.1 specification.
Such behaviour goes back to SSLeay.

The change relaxes the requirement to specify at least one trusted CA
certificate in the ssl_client_certificate directive, which resulted in
sending DNs of these certificates (closes #142).  Instead, all trusted
CA certificates can be specified now using the ssl_trusted_certificate
directive if needed.  A notable difference that certificates specified
in ssl_trusted_certificate are always loaded remains (see 3648ba7db).

Co-authored-by: Praveen Chaudhary <praveenc@nvidia.com>
2024-09-20 14:43:00 +04:00
.github Added CI based on GitHub Actions. 2024-09-04 20:01:47 +04:00
auto Configure: fixed building libatomic test. 2024-05-16 11:15:10 +02:00
conf Fixed a typo in win-utf. 2024-09-06 15:35:59 +04:00
contrib Contrib: vim syntax, update core and 3rd party module directives. 2023-07-24 18:04:41 +03:00
docs Moved LICENSE and README to root. 2024-08-30 18:06:39 +04:00
misc Moved LICENSE and README to root. 2024-08-30 18:06:39 +04:00
src SSL: optional ssl_client_certificate for ssl_verify_client. 2024-09-20 14:43:00 +04:00
CODE_OF_CONDUCT.md Added Code of Conduct. 2024-09-02 17:33:50 +04:00
CONTRIBUTING.md Added contributing guidelines. 2024-09-03 16:28:45 +04:00
LICENSE Removed C-style comments from LICENSE. 2024-08-30 18:06:39 +04:00
README Moved LICENSE and README to root. 2024-08-30 18:06:39 +04:00
SECURITY.md Added security policy. 2024-09-02 20:10:28 +04:00

README 

Documentation is available at http://nginx.org