Feature #2268

closed

Set serial number of the client certificate into environment

Added by cicik over 13 years ago. Updated over 7 years ago.

Status: Fixed
Priority: Normal
Category: TLS
Target version:

Description

During SSL client validation, the certificate's serial number is not set into the environment.
We can't read it in backends such as PHP. There was a patch for lighttpd 1.4.19, but it won't work with current versions. I think it's a good idea to include this in the main branch.

I attach a patch for lighttpd 1.4.28.


Files

lighttpd-1.4.28-clientvalidation-serialenv.patch (1.11 KB): Patch to set serial number of the client certificate into environment (cicik, 2010-10-23 14:01)

Related issues 1 (0 open, 1 closed)

Has duplicate Feature #2652: [patch] Add additional SSL env variables for strict client certificate authentication and authorization (Duplicate, 2015-07-04)

Actions #1

Updated by stbuehler almost 13 years ago

  • Target version changed from 1.4.29 to 1.4.x

I thought I already said that somewhere (perhaps in the original SSL client cert ticket); I'd like to have a more "complete" list of things we want to export to backends (and I'd like to avoid the copy/paste style), and perhaps a sane way to configure them.

I don't like having dozens of patches for every single item...

Actions #2

Updated by cicik about 10 years ago

Three years later the problem still exists...

Actions #3

Updated by cicik about 10 years ago

  • Target version changed from 1.4.x to 1.4.36
Actions #4

Updated by stbuehler about 10 years ago

  • Target version changed from 1.4.36 to 1.4.x

And why do you think modifying the target version helps?

Actions #5

Updated by cicik about 10 years ago

I simply don't understand why you don't want to put a tested solution in the next release. Some people found it useful to have a variable with the certificate's serial number. These people made the appropriate change for the community in the source code. And this change has been blocked for three years.... I don't understand. For three years, each time I want to update lighttpd on Debian I have to download the source code of the package, apply the patch, compile and install.... waste of time.

Actions #6

Updated by stbuehler about 10 years ago

I don't like how the patch is doing it, and my first comment says what I'd like the patch to be. (There is no "assigning" in who "has" to do that; but obviously I didn't find the time to do it).

Telling maintainers to ignore implementation details of "tested" patches is rude - because they have to maintain them in the end.

Actions #7

Updated by gstrauss almost 8 years ago

  • Category changed from core to TLS
Actions #8

Updated by gstrauss almost 8 years ago

  • Missing in 1.5.x deleted (Yes)
Actions #9

Updated by gstrauss over 7 years ago

  • Related to Feature #2652: [patch] Add additional SSL env variables for strict client certificate authentication and authorization added
Actions #10

Updated by gstrauss over 7 years ago

  • Related to deleted (Feature #2652: [patch] Add additional SSL env variables for strict client certificate authentication and authorization)
Actions #11

Updated by gstrauss over 7 years ago

  • Has duplicate Feature #2652: [patch] Add additional SSL env variables for strict client certificate authentication and authorization added
Actions #12

Updated by gstrauss over 7 years ago

  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.42

@stbuehler wrote:

Telling maintainers to ignore implementation details of "tested" patches is rude - because they have to maintain them in the end.

I second that. Case in point: @cicik, your very simple patch has an obvious memory leak. BN_bn2hex() returns an allocated string which must be passed to OPENSSL_free(), which is clearly documented in the manpage for BN_bn2hex.

Actions #13

Updated by gstrauss over 7 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100