[PATCH] add support for ssl.cadn-file
If ssl.cadn-file is not set, fall back to ssl.ca-file.
The ssl.cadn-file option provides independent control of
the "certificate_authorities" field (see RFC 5246 section
7.4.4 Certificate Request) separate from the actual list
of trusted certificate authorities used for client
It may be necessary to send a hint that includes the DN
of a non-root client CA in order to receive the correct
certificate from the client, but such a non-root CA really
does not belong in the trusted client root CA list.
Patch file attached.
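Added example, not part of the original issue or the attached patch: a parser for the TLS 1.2 CertificateRequest body (RFC 5246 section 7.4.4) that pulls out the "certificate_authorities" hint list and reports which hinted DNs are not in the trust list. The helper names, the CA names and the sample message are constructed for illustration.

```python
import struct

def der_name(cn):
    """Minimal DER Name with one CN (UTF8String); short-form lengths only."""
    atv = b"\x06\x03\x55\x04\x03\x0c" + bytes([len(cn)]) + cn.encode()
    for tag in (0x30, 0x31, 0x30):  # AttributeTypeAndValue, RDN SET, Name
        atv = bytes([tag, len(atv)]) + atv
    return atv

def build_certificate_request(cert_types, sig_algs, names):
    """Encode a TLS 1.2 CertificateRequest body (RFC 5246 section 7.4.4)."""
    algs = b"".join(bytes(pair) for pair in sig_algs)
    dns = b"".join(struct.pack("!H", len(n)) + n for n in names)
    return (bytes([len(cert_types)]) + bytes(cert_types)
            + struct.pack("!H", len(algs)) + algs + struct.pack("!H", len(dns)) + dns)

def parse_certificate_request(body):
    """Return (certificate_types, signature_algorithms, [DER DN, ...])."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated CertificateRequest")
        pos += n
        return body[pos - n:pos]
    def u16():
        return struct.unpack("!H", take(2))[0]
    types = list(take(take(1)[0]))
    raw = take(u16())
    if len(raw) % 2:
        raise ValueError("odd supported_signature_algorithms length")
    algs = [(raw[i], raw[i + 1]) for i in range(0, len(raw), 2)]
    dn_len = u16()
    end = pos + dn_len
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    names = []
    while pos < end:
        names.append(take(u16()))
    return types, algs, names

# Constructed sample: trust only the root, but hint the issuing (non-root) CA.
ROOT = der_name("Example Root CA")
ISSUING = der_name("Example Issuing CA 1")
TRUST_ANCHORS = [ROOT]   # role played by ssl.ca-file
BODY = build_certificate_request([1, 64], [(4, 1), (4, 3)], [ISSUING])  # ssl.cadn-file role

def hint_only_names(body, anchors):
    """DNs advertised in certificate_authorities that are not trust anchors."""
    return [dn for dn in parse_certificate_request(body)[2] if dn not in anchors]
```

A DN returned by hint_only_names() only steers the client's certificate selection; chain verification still has to terminate at a certificate in the trust list.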
Updated by mackyle over 7 years ago
- File 0003-ssl-add-support-for-ssl.cadn-file_patch.txt added
A recent change ([stat] mimetype.xattr-name global config option) broke this patch.
Updated by gstrauss over 7 years ago
Patches are much more likely to be included if there is someone with whom I can discuss the patches, and who can reliably test lighttpd once those patches have been applied (and before the patches are included in a lighttpd release).
mackyle had posted a few pull requests, including 62, 63, and 64.
I left quite a few comments in https://github.com/lighttpd/lighttpd1.4/pull/63 but unfortunately got no response, and I am hesitant to spend time reviewing and maintaining drive-by patch dumps.
The patch you updated (above) is also submitted as a pull request at https://github.com/lighttpd/lighttpd1.4/pull/64