Feature #2415
[patch] Allow $HTTP["remoteuser"] to be used for certificate authorization
| Status: | New | Start date: | 2012-04-22 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | - | Estimated time: | 0.00 hour |
| Target version: | 1.4.x | | |
| Missing in 1.5.x: | No | | |
Description
At the moment, it is possible to require client certificates from a trusted CA. However, there appears to be no way to require a specific certificate for authorization control.
With the attached patch, it is possible to use $HTTP["remoteuser"] in logic decisions by setting:
```
ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
ssl.verifyclient.exportcert = "enable"
```
Example syntax could be:
```
$HTTP["url"] =~ "^/cert_required" {
    $HTTP["remoteuser"] !~ "my cert CN" {
        url.access-deny = ( "" )
    }
}
```
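lighttpd's `=~` and `!~` operators are regular-expression matches, so the CN pattern in the example above is unanchored and matches any CN that merely contains the string. The following added example (not part of the original issue or its patch) models that condition in Python over constructed CNs and compares it with an escaped, anchored pattern; treating a missing certificate as an empty remoteuser is an assumption.

```python
import re

# Pattern exactly as written in the issue's example (unanchored regex).
ISSUE_PATTERN = "my cert CN"
# Hardened form: the literal CN escaped and anchored at both ends.
ANCHORED_PATTERN = "^" + re.escape("my cert CN") + "$"


def access_denied(remoteuser, pattern):
    """Model `$HTTP["remoteuser"] !~ pattern { url.access-deny = ( "" ) }`.

    `!~` is true when the regex does NOT match anywhere in the value, so
    the request is denied only in that case. A missing client certificate
    is modelled as an empty remoteuser (assumption, not from the patch).
    """
    return re.search(pattern, remoteuser or "") is None


# Constructed subject CNs, all assumed to be issued by the trusted CA.
SAMPLE_CNS = [
    "my cert CN",            # the intended certificate
    "not my cert CN",        # different certificate, contains the string
    "my cert CN (staging)",  # different certificate, shares the prefix
    "someone else",
    "",                      # no client certificate presented
]


def compare(cns=SAMPLE_CNS):
    """Return (cn, denied_by_issue_pattern, denied_by_anchored_pattern) rows."""
    return [
        (cn, access_denied(cn, ISSUE_PATTERN), access_denied(cn, ANCHORED_PATTERN))
        for cn in cns
    ]


if __name__ == "__main__":
    for cn, loose, strict in compare():
        print(f"{cn!r:26} issue-pattern denied={loose!s:5} anchored denied={strict}")
```

In the configuration itself, the equivalent hardening is to write the pattern with `^` and `$` and to escape any regex metacharacters that occur in the CN.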
