Hello!

Maxim Dounin wrote on 2024-03-31 00:12:
Just for the record, I've checked IIS mappings as available in applicationHost.config on hosts with IIS installed. Not sure if there is a current mapping officially available online, but at least some not very old copy can be found here:

https://github.com/aspnet/AspLabs/blob/main/src/dotnet-iis/src/dotnet-iis/Resources/applicationHost.config#L370

As in Apache, a large number of extensions in mime types are specified here for Excel and PowerPoint :)


Well, Boulder simply ignores the Accept request header, that is, it ignores client preference for a particular type, nothing more. It provides no information if changing the response type will affect various clients or not.

Tried updating commit and added more information with examples.


I think we can consider this at some point later, if/when there will be more information available.

Tried updating commit.


--
Best regards,
Lafiel
mailto:[email protected]
# HG changeset patch
# User Yuriy Izorkin <[email protected]>
# Date 1711881628 -10800
#      Sun Mar 31 13:40:28 2024 +0300
# Node ID 9e15db23461bcdd315699dfcb58469cb5fe05791
# Parent  ddcedfa3a80996ac5c1407ecc35a58617b1ae62d
MIME: changed type for pem files to application/pem-certificate-chain.

For .pem files, the application/pem-certificate-chain MIME
type is used in accordance with section 9 of RFC 8555 [1] and
IANA [3].

The .der, .pem, or .crt extensions have different encoding
schemes for X.509 certificates and keys: PEM (Base64 ASCII)
and DER (binary) [4].

Also according to section 11.4 of RFC 8555 [2] when processing a
file of type "application/pem-certificate-chain", a client SHOULD
verify that the file contains only encoded certificates. If
anything other than a certificate is found, then the client MUST
reject the file as invalid.

For example, Let's Encrypt [5] and DigiCert [6] also use different
types of PEM and DER/CRT certificates:
$ curl --head https://letsencrypt.org/certs/lets-encrypt-r3.pem 2>&1 | grep 'content-type:'
content-type: application/x-pem-file
$ curl --head https://letsencrypt.org/certs/lets-encrypt-r3.der 2>&1 | grep 'content-type:'
content-type: application/x-x509-cert;format=der

$ curl --head https://cacerts.digicert.com/DigiCertTLSECCP384RootG5.crt.pem 2>&1 | grep 'content-type:'
content-type: application/x-pem-file
$ curl --head https://cacerts.digicert.com/DigiCertTLSECCP384RootG5.crt 2>&1 | grep 'content-type:'
content-type: application/pkix-cert

Links for reference:

[1] https://www.rfc-editor.org/rfc/rfc8555#section-9.1
[2] https://www.rfc-editor.org/rfc/rfc8555#section-11.4
[3] https://www.iana.org/assignments/media-types/application/x-x509-ca-cert
[4] https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/
[5] https://letsencrypt.org/certificates/
[6] https://www.digicert.com/kb/digicert-root-certificates.htm

diff -r ddcedfa3a809 -r 9e15db23461b conf/mime.types
--- a/conf/mime.types   Sat Mar 30 05:10:40 2024 +0300
+++ b/conf/mime.types   Sun Mar 31 13:40:28 2024 +0300
@@ -33,6 +33,7 @@
     application/mac-binhex40                         hqx;
     application/msword                               doc;
     application/pdf                                  pdf;
+    application/pem-certificate-chain                pem;
     application/postscript                           ps eps ai;
     application/rtf                                  rtf;
     application/vnd.apple.mpegurl                    m3u8;
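Review bot: The added line `application/pem-certificate-chain pem;` labels every .pem file as a certificate chain, but the commit message itself says PEM is an encoding used for keys as well as certificates and quotes RFC 8555 section 11.4, under which a client MUST reject such a file if it contains anything other than certificates. A .pem file holding something else would therefore be served under a type that a conforming client has to refuse. The curl output quoted in the message also shows Let's Encrypt and DigiCert serving .pem as application/x-pem-file, so those examples do not support the chosen type; please either cite a deployment that serves .pem as application/pem-certificate-chain or say in the message why this type is preferred over what those CAs send.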
@@ -67,7 +68,7 @@
     application/x-shockwave-flash                    swf;
     application/x-stuffit                            sit;
     application/x-tcl                                tcl tk;
-    application/x-x509-ca-cert                       der pem crt;
+    application/x-x509-ca-cert                       der crt;
     application/x-xpinstall                          xpi;
     application/xhtml+xml                            xhtml;
     application/xspf+xml                             xspf;
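Review bot: Dropping `pem` from the `application/x-x509-ca-cert` line changes the Content-Type of every existing .pem response, and the commit message does not say how clients that relied on the old type are affected, which is the question raised earlier in this thread about changing the response type. Please state the compatibility impact in the message. Separately, the reference the message cites for IANA points at .../media-types/application/x-x509-ca-cert, the type kept here for `der crt`, not at a registration for application/pem-certificate-chain, and the message does not explain why .der and .crt stay on this type when its own examples show them served as application/x-x509-cert;format=der and application/pkix-cert.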
# HG changeset patch
# User Yuriy Izorkin <[email protected]>
# Date 1711885689 -10800
#      Sun Mar 31 14:48:09 2024 +0300
# Node ID 2bbd0a17142bccee702960d3d18cebc3f7e7fea6
# Parent  9e15db23461bcdd315699dfcb58469cb5fe05791
MIME: add application/pkix-cert mime type.

Extension usage statistics, according to httparchive.org [1]:
$ awk 'NR==1||/^cer,/' httparchive_exts.csv
ext,total_pages,total_requests
cer,8998,13225

$ awk 'NR==1||/pkix-cert/' httparchive_mime_types.csv
mimeType,total_pages,total_requests
application/pkix-cert,182718,218996

The csv file was made with the following query:

SELECT
  ext,
  COUNT(distinct pageid) total_pages,
  COUNT(0) total_requests
FROM
  `httparchive.summary_requests.2024_01_01_desktop`
GROUP BY
  ext
ORDER BY
  total_requests DESC

Apache also uses this type [2]:
$ awk '/^application\/pkix-cert/' mime.types
application/pkix-cert                           cer

And for .cer files the application/pkix-cert mime
type is used according to IANA [3].

Links for reference:

[1] https://httparchive.org
[2] https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
[3] https://www.iana.org/assignments/media-types/application/pkix-cert

diff -r 9e15db23461b -r 2bbd0a17142b conf/mime.types
--- a/conf/mime.types   Sun Mar 31 13:40:28 2024 +0300
+++ b/conf/mime.types   Sun Mar 31 14:48:09 2024 +0300
@@ -34,6 +34,7 @@
     application/msword                               doc;
     application/pdf                                  pdf;
     application/pem-certificate-chain                pem;
+    application/pkix-cert                            cer;
     application/postscript                           ps eps ai;
     application/rtf                                  rtf;
     application/vnd.apple.mpegurl                    m3u8;
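Review bot: The new `application/pkix-cert cer;` line maps only .cer, while the first patch in this series quotes DigiCert serving a .crt file as application/pkix-cert and leaves `crt` on application/x-x509-ca-cert, so after the series two different types are in use for certificate files; say in the message why .crt is not moved as well. The statistics also need a sentence of interpretation: 13225 requests for the cer extension against 218996 for the MIME type means most responses of this type are not .cer files, and only the query behind the extension CSV is shown. For consistency with the first patch's "changed", the subject would read better as "added application/pkix-cert mime type".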
# HG changeset patch
# User Yuriy Izorkin <[email protected]>
# Date 1711886441 -10800
#      Sun Mar 31 15:00:41 2024 +0300
# Node ID 254e94e01338f061cf9c175b4fff68d3c5f5e26d
# Parent  2bbd0a17142bccee702960d3d18cebc3f7e7fea6
MIME: add application/pkix-crl mime type.

For .crl files the application/pkix-crl mime type is used
according to IANA [1].

Apache also uses this type [2]:
$ awk '/^application\/pkix-crl/' mime.types
application/pkix-crl                            crl

For example, the DigiCert certificate authority also uses this type:
$ curl --head http://crl3.digicert.com/Omniroot2025.crl 2>&1 | grep "Content-Type:"
Content-Type: application/pkix-crl

Links for reference:

[1] https://www.iana.org/assignments/media-types/application/pkix-crl
[2] https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types

diff -r 2bbd0a17142b -r 254e94e01338 conf/mime.types
--- a/conf/mime.types   Sun Mar 31 14:48:09 2024 +0300
+++ b/conf/mime.types   Sun Mar 31 15:00:41 2024 +0300
@@ -35,6 +35,7 @@
     application/pdf                                  pdf;
     application/pem-certificate-chain                pem;
     application/pkix-cert                            cer;
+    application/pkix-crl                             crl;
     application/postscript                           ps eps ai;
     application/rtf                                  rtf;
     application/vnd.apple.mpegurl                    m3u8;
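Review bot: The context lines of this hunk, `application/pem-certificate-chain pem;` and `application/pkix-cert cer;`, exist only after the first two patches in the series, so this otherwise independent addition cannot be applied if the .pem change is deferred. Consider rebasing it onto the parent of the series so it can be taken on its own. Unlike the previous patch, the message gives no usage figures for .crl, and the subject should match the tense of the first patch ("added" rather than "add").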

-- 
nginx-devel mailing list
[email protected]
https://freenginx.org/mailman/listinfo/nginx-devel