Feature #2694
closed
[PATCH] add support for ssl.cadn-file
Description
If ssl.cadn-file is not set, fallback to ssl.ca-file.
The ssl.cadn-file option provides independent control of
the "certificate_authorities" field (see RFC 5246 section
7.4.4 Certificate Request) separate from the actual list
of trusted certificate authorities used for client
certificate verification.
It may be necessary to send a hint that includes the DN
of a non-root client CA in order to receive the correct
certificate from the client, but such a non-root CA really
does not belong in the trusted client root CA list.
Patch file attached.
See also http://repo.or.cz/lighttpd/svnmirror/patches.git/commitdiff/40b4cee1
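The split described above, as an added configuration example that is not part of the ticket or its patch: the trusted client roots stay in ssl.ca-file while the DN hint for a non-root issuing CA comes from ssl.cadn-file. The file paths and host name are constructed placeholders, and ssl.cadn-file is the directive name as written in this ticket.

```conf
# Added example; paths and host name are constructed placeholders.
# ssl.cadn-file is the directive name as proposed in this ticket.
$SERVER["socket"] == ":443" {
    ssl.engine                = "enable"
    ssl.pemfile               = "/etc/lighttpd/tls/server.pem"
    ssl.verifyclient.activate = "enable"
    ssl.verifyclient.enforce  = "enable"

    # Before: the issuing (non-root) CA is added to the trusted list only so
    # that its DN is advertised in the CertificateRequest hint.
    # ssl.ca-file = "/etc/lighttpd/tls/client-root-and-issuing-ca.pem"

    # After: trusted list holds the client root CA only ...
    ssl.ca-file   = "/etc/lighttpd/tls/client-root-ca.pem"
    # ... and the "certificate_authorities" hint is built from this file.
    # If ssl.cadn-file is not set, the hint falls back to ssl.ca-file.
    ssl.cadn-file = "/etc/lighttpd/tls/client-issuing-ca.pem"
}

# Check what the server advertises: run
#   openssl s_client -connect www.example.org:443
# and read the "Acceptable client certificate CA names" section of the output.
```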
Updated by mackyle over 8 years ago
- File 0003-ssl-add-support-for-ssl.cadn-file_patch.txt added
A recent change ([stat] mimetype.xattr-name global config option) broke this patch.
An updated patch is attached. The two preceding parts to this SSL series (#2693 and #2692) are not affected.
See also http://repo.or.cz/lighttpd/svnmirror/patches.git/commitdiff/91469a0d
Updated by mackyle over 8 years ago
Updated to reflect deprecation of svn repository:
http://repo.or.cz/lighttpd/gitmirror/patches.git/commitdiff/refs/heads/patch/cadn-file
Updated by gstrauss over 8 years ago
- Assignee deleted (stbuehler)
- Missing in 1.5.x deleted (Yes)
Updated by flynn over 8 years ago
- File ca-crl-1.4.41.patch added
I updated the patch for version 1.4.41.
Can this make it into version 1.4.42?
Updated by gstrauss over 8 years ago
Patches are much more likely to be included if there is someone with whom I can discuss the patches, and who can reliably test lighttpd once those patches have been applied (and before the patches are included in a lighttpd release).
mackyle had posted a few pull requests, including 62, 63, and 64.
I left quite a few comments in https://github.com/lighttpd/lighttpd1.4/pull/63 but unfortunately got no response, and I am hesitant to spend time reviewing and maintaining drive-by patch dumps.
https://github.com/lighttpd/lighttpd1.4/pull/62
https://github.com/lighttpd/lighttpd1.4/pull/63
https://github.com/lighttpd/lighttpd1.4/pull/64
The patch you updated (above) is also submitted as a pull request at https://github.com/lighttpd/lighttpd1.4/pull/64
Updated by gstrauss over 7 years ago
- Status changed from New to Patch Pending
- Target version changed from 1.4.x to 1.4.46
Please note that flynn's patch above is related to #2319, not this ticket.
Updated by gstrauss over 7 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset 0399609ac250d71049f3fcfc3c4e88bc887ca520.