3

I have to check the client certificate issuer in Lighttpd but can't find any variable for that.

Here is part of my config, related to ssl_mod:

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/certs/this-server.pem"
    ssl.ca-file = "/etc/certs/allcas.pem"
    ssl.verifyclient.activate = "enable"
    ssl.verifyclient.username = "enable"
}
Alexander Artemenko

1 Answer

0

I am currently struggling with some similar questions (let me stress "struggling"!). I am not quite there yet but from my extensive research the following looks promising.

The option ssl.verifyclient.username = "SSL_CLIENT_S_*" seems to only give information about the subject, i.e. the user. As of version 1.4.25, though, ssl.verifyclient.exportcert = "enable" should give you access to the full certificate, which can be evaluated in 'env:SSL_CLIENT_CERT'.

Source: http://nginxvslighttpd.com/2011/08/lighttpd-ssl-module/ (section "Configuration").

Please report back with a success or failure report!

sm8ps
  • Yes, I found this option too and implemented the check in the backend, using python-openssl. But after that, I switched to Nginx anyway, because it is able to check the issuer and has easier configs. – Alexander Artemenko Oct 28 '11 at 13:24
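
The backend check discussed in the answer and comment above, as an added example that is not code from either poster: it reads the PEM that lighttpd exports in SSL_CLIENT_CERT and compares the certificate's issuer Name with an allowlist. It uses a minimal standard-library DER walk instead of python-openssl, and `issuer_der`, `issuer_allowed` and the constructed `sample_pem` fixture are names assumed for illustration.

```python
import base64
import re

def _tlv(buf, pos):
    """Read the DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_der(pem):
    """Return the raw DER issuer Name of a PEM certificate."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, pos, _ = _tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)    # [0] version if present, else serialNumber
    if tag == 0xA0:
        _, _, end = _tlv(der, end)  # serialNumber
    _, _, pos = _tlv(der, end)      # signature AlgorithmIdentifier
    tag, _, end = _tlv(der, pos)    # issuer Name
    if tag != 0x30:
        raise ValueError("issuer is not a SEQUENCE")
    return der[pos:end]

def issuer_allowed(environ, allowed):
    """Fail closed: True only if SSL_CLIENT_CERT parses and its issuer is allowed."""
    try:  # exact DER match: the same DN in a different string type will not match
        return issuer_der(environ.get("SSL_CLIENT_CERT", "")) in allowed
    except (ValueError, IndexError):
        return False

def _der(tag, *parts):  # fixture helper (lengths up to 255 bytes)
    body = b"".join(parts)
    size = bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])
    return bytes([tag]) + size + body

def sample_pem(issuer_cn):
    """Constructed, unsigned certificate skeleton for this demo; not a real cert."""
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, b"\x06\x03\x55\x04\x03", _der(0x0C, cn.encode()))))
    alg = _der(0x30, b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b", b"\x05\x00")
    tbs = _der(0x30, b"\xa0\x03\x02\x01\x02", b"\x02\x01\x01", alg, name(issuer_cn), name("constructed client"))
    der = _der(0x30, tbs, alg, b"\x03\x02\x00\x00")
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

The issuer comparison is a policy filter, not a signature check: it is only meaningful when lighttpd has already verified the chain (ssl.verifyclient.activate = "enable" with ssl.ca-file) and the backend receives SSL_CLIENT_CERT from lighttpd alone. The allowlist entries would be the DER subject Names of the CA certificates you accept.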