Ryfujk

Several mode to write the symbol of a vector

Indicator light circuit

Example of a Mathematician/Physicist whose Other Publications during their PhD eclipsed their PhD Thesis

How fast would a person need to move to trick the eye?

What's the best way to handle refactoring a big file?

How did the Bene Gesserit know how to make a Kwisatz Haderach?

Are there any unintended negative consequences to allowing PCs to gain multiple levels at once in a short milestone-XP game?

Anatomically Correct Strange Women In Ponds Distributing Swords

Sending manuscript to multiple publishers

Preparing Indesign booklet with .psd graphics for print

What is the result of assigning to std::vector<T>::begin()?

Why do professional authors make "consistency" mistakes? And how to avoid them?

Complex fractions

Inappropriate reference requests from Journal reviewers

Help understanding this unsettling image of Titan, Epimetheus, and Saturn's rings?

Unreliable Magic - Is it worth it?

Can I equip Skullclamp on a creature I am sacrificing?

Between two walls

What was the first Unix version to run on a microcomputer?

Which tube will fit a -(700 x 25c) wheel?

Why has the US not been more assertive in confronting Russia in recent years?

If the heap is initialized for security, then why is the stack uninitialized?

Do I need to enable Dev Hub in my PROD Org?

Won the lottery - how do I keep the money?

Are there any way to check client certificate issuer in lighttpd?

3

I have to check client certificate issuer in the Lighttpd but can't find any variable for that.

Here is part of my config, related to ssl_mod:

$SERVER["socket"] == ":443" {   

            ssl.engine = "enable"           

            ssl.pemfile = "/etc/certs/this-server.pem"

            ssl.ca-file = "/etc/certs/allcas.pem"

            ssl.verifyclient.activate = "enable"

            ssl.verifyclient.username = "enable"

}

ssl ssl-certificate lighttpd

share|improve this question

asked Oct 13 '11 at 12:54

Alexander ArtemenkoAlexander Artemenko

60331011

bumped to the homepage by Community♦ 11 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

3

I have to check client certificate issuer in the Lighttpd but can't find any variable for that.

Here is part of my config, related to ssl_mod:

$SERVER["socket"] == ":443" {   

            ssl.engine = "enable"           

            ssl.pemfile = "/etc/certs/this-server.pem"

            ssl.ca-file = "/etc/certs/allcas.pem"

            ssl.verifyclient.activate = "enable"

            ssl.verifyclient.username = "enable"

}

ssl ssl-certificate lighttpd

share|improve this question

asked Oct 13 '11 at 12:54

Alexander ArtemenkoAlexander Artemenko

60331011

bumped to the homepage by Community♦ 11 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

I have to check client certificate issuer in the Lighttpd but can't find any variable for that.

Here is part of my config, related to ssl_mod:

$SERVER["socket"] == ":443" {   

            ssl.engine = "enable"           

            ssl.pemfile = "/etc/certs/this-server.pem"

            ssl.ca-file = "/etc/certs/allcas.pem"

            ssl.verifyclient.activate = "enable"

            ssl.verifyclient.username = "enable"

}

ssl ssl-certificate lighttpd

share|improve this question

asked Oct 13 '11 at 12:54

Alexander ArtemenkoAlexander Artemenko

60331011

$SERVER["socket"] == ":443" {   

            ssl.engine = "enable"           

            ssl.pemfile = "/etc/certs/this-server.pem"

            ssl.ca-file = "/etc/certs/allcas.pem"

            ssl.verifyclient.activate = "enable"

            ssl.verifyclient.username = "enable"

}

share|improve this question

asked Oct 13 '11 at 12:54

Alexander ArtemenkoAlexander Artemenko

60331011

share|improve this question

asked Oct 13 '11 at 12:54

Alexander ArtemenkoAlexander Artemenko

60331011

asked Oct 13 '11 at 12:54

Alexander ArtemenkoAlexander Artemenko

60331011

asked Oct 13 '11 at 12:54

Alexander ArtemenkoAlexander Artemenko

60331011

1 Answer
1

active

oldest

votes

0

I am currently struggling with some similar questions (let me stress "struggling"!). I am not quite there yet but from my extensive research the following looks promising.

The option ssl.verifyclient.username = "SSL_CLIENT_S_*" seems to only give information about the subject, i.e. the user.
As of version 1.4.25, ssl.verifyclient.exportcert = "enable" though should give you access to the full certificate which can be evaluated in 'env:SSL_CLIENT_CERT'.

Source: http://nginxvslighttpd.com/2011/08/lighttpd-ssl-module/ (section "Configuration").

Please report back with success or failure report!

share|improve this answer

edited Oct 17 '11 at 21:18

answered Oct 17 '11 at 19:40

sm8pssm8ps

11

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, I found this option too and implemented check in the backend, using python-openssl. But after that, switched to the Nginx, anyway, because it is able to check issuer and have easier configs.
  
  – Alexander Artemenko
  Oct 28 '11 at 13:24
  
  
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f321145%2fare-there-any-way-to-check-client-certificate-issuer-in-lighttpd%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

I am currently struggling with some similar questions (let me stress "struggling"!). I am not quite there yet but from my extensive research the following looks promising.

The option ssl.verifyclient.username = "SSL_CLIENT_S_*" seems to only give information about the subject, i.e. the user.
As of version 1.4.25, ssl.verifyclient.exportcert = "enable" though should give you access to the full certificate which can be evaluated in 'env:SSL_CLIENT_CERT'.

Source: http://nginxvslighttpd.com/2011/08/lighttpd-ssl-module/ (section "Configuration").

Please report back with success or failure report!

share|improve this answer

edited Oct 17 '11 at 21:18

answered Oct 17 '11 at 19:40

sm8pssm8ps

11

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, I found this option too and implemented check in the backend, using python-openssl. But after that, switched to the Nginx, anyway, because it is able to check issuer and have easier configs.
  
  – Alexander Artemenko
  Oct 28 '11 at 13:24
  
  
  

  
  
  
  

add a comment | 

0

I am currently struggling with some similar questions (let me stress "struggling"!). I am not quite there yet but from my extensive research the following looks promising.

The option ssl.verifyclient.username = "SSL_CLIENT_S_*" seems to only give information about the subject, i.e. the user.
As of version 1.4.25, ssl.verifyclient.exportcert = "enable" though should give you access to the full certificate which can be evaluated in 'env:SSL_CLIENT_CERT'.

Source: http://nginxvslighttpd.com/2011/08/lighttpd-ssl-module/ (section "Configuration").

Please report back with success or failure report!

share|improve this answer

edited Oct 17 '11 at 21:18

answered Oct 17 '11 at 19:40

sm8pssm8ps

11

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, I found this option too and implemented check in the backend, using python-openssl. But after that, switched to the Nginx, anyway, because it is able to check issuer and have easier configs.
  
  – Alexander Artemenko
  Oct 28 '11 at 13:24
  
  
  

  
  
  
  

add a comment | 

I am currently struggling with some similar questions (let me stress "struggling"!). I am not quite there yet but from my extensive research the following looks promising.

The option ssl.verifyclient.username = "SSL_CLIENT_S_*" seems to only give information about the subject, i.e. the user.
As of version 1.4.25, ssl.verifyclient.exportcert = "enable" though should give you access to the full certificate which can be evaluated in 'env:SSL_CLIENT_CERT'.

Source: http://nginxvslighttpd.com/2011/08/lighttpd-ssl-module/ (section "Configuration").

Please report back with success or failure report!

share|improve this answer

edited Oct 17 '11 at 21:18

answered Oct 17 '11 at 19:40

sm8pssm8ps

11

share|improve this answer

edited Oct 17 '11 at 21:18

answered Oct 17 '11 at 19:40

sm8pssm8ps

11

answered Oct 17 '11 at 19:40

sm8pssm8ps

11

answered Oct 17 '11 at 19:40

sm8pssm8ps

11