Feature #2268
closedSet serial number of the client certificate into environment
Description
During SSL client validation there is no certificate's serial number set into environment.
We can't read this in backends such as PHP. There was a patch for lighttpd 1.4.19 but it won't work with current versions. I think it's good idea to include this in main branch.
I attach a patch for lighttpd 1.4.28.
Files
Updated by stbuehler over 13 years ago
- Target version changed from 1.4.29 to 1.4.x
I thought i already said that somewhere (perhaps in the original ssl client cert ticket); i'd like to have a more "complete" list of things we want to export to backends (and i'd like to avoid the copy/paste style), and perhaps a sane way to configure them.
I don't like having dozens of patches for every single item...
Updated by cicik over 10 years ago
Three years later the problem still exists...
Updated by stbuehler over 10 years ago
- Target version changed from 1.4.36 to 1.4.x
And why do you think modifying the target version helps?
Updated by cicik over 10 years ago
I simply don't understand why you don't want to put tested solution in next release. Some people found it useful to have variable with certificate's serial number. These people made appropriate change for community in source code. And this change has been blocked for three years.... I don't understand. For three yers each time I want to update lighttpd on debian I have to download source code of the pachage, apply patch, compile and install.... waste of time.
Updated by stbuehler over 10 years ago
I don't like how the patch is doing it, and my first comment says what I'd like the patch to be. (There is no "assigning" in who "has" to do that; but obviously I didn't find the time to do it).
Telling maintainers to ignore implementation details of "tested" patches is rude - because they have to maintain them in the end.
Updated by gstrauss about 8 years ago
- Related to Feature #2652: [patch] Add additional SSL env variables for strict client certificate authentication and authorization added
Updated by gstrauss about 8 years ago
- Related to deleted (Feature #2652: [patch] Add additional SSL env variables for strict client certificate authentication and authorization)
Updated by gstrauss about 8 years ago
- Has duplicate Feature #2652: [patch] Add additional SSL env variables for strict client certificate authentication and authorization added
Updated by gstrauss about 8 years ago
- Status changed from New to Patch Pending
- Target version changed from 1.4.x to 1.4.42
@stbuehler wrote:
Telling maintainers to ignore implementation details of "tested" patches is rude - because they have to maintain them in the end.
I second that. Case in point: @cicik, your very simple patch has an obvious memory leak. BN_bn2hex() returns an allocated string which must be passed to OPENSSL_free(), which is clearly documented in the manpage for BN_bn2hex.
Updated by gstrauss about 8 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset daab6f5cd5835a9b4a1d82d6447984c1d4d1c591.
Also available in: Atom