On 26 November 2013 22:48, Radha Venkatesh (radvenka) <radve...@cisco.com> wrote: > Jonathan, > > The requirement is that we match an existing hostname entry in /etc/hosts > with the Client certificate CN (CN has to be the hostname of the client).
That's not really saying anything /new/, is it? ;-) Here are some examples of different things that your requirement could mean: 1) Do you want to ensure that the CN that is presented merely *exists* in /etc/hosts? 2) Do you want to ensure that the connection came from an IP that the CN's entry in /etc/hosts matches? 3) Both of #1 and #2 combined? Please give some representative examples of CNs being presented, /etc/hosts contents, and the allow/deny behaviour you want to see based on those combinations. Your requirement, whilst obvious and clear to yourself, is not clear to some people (well, me at least!) as they don't have their head deep inside your project. Regards, Jonathan _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx