Hello,
Consider the following test-case:
I, as admin, would like to limit access to certain resources, based on
Client TLS certificate content, fields, etc...
Solution for HTTP: Easy!
There is NGX_HTTP_ACCESS_PHASE phase, where connections have been already
accepted, and I have access to all $ssl
Hello,
Don't think your issue is specific to OpenSSL 3.2.0 or ARM64 arch.
If you specify just --with-http_ssl_module flag, nginx will be compiled
with system OpenSSL.
What might be not what you expect (OpenSSL: 3.2.0) on MacOS.
Try to specify --with-openssl= on nginx
configure stage.
Like --with-
No functional changes.
Made agains latest development branch.
Could be applied with
patch -p1 < 0001-Expose-Stream-proxy-module-structures-for-module-dev.patc
0001-Expose-Stream-proxy-module-structures-for-module-dev.patch
Description: Binary data
___
No functional changes.
Made agains latest development branch.
Could be applied with
patch -p1 < 0001-Expose-HTTP-proxy-module-structures-for-module-devel.patch
0001-Expose-HTTP-proxy-module-structures-for-module-devel.patch
Description: Binary data
___
Hello,
Sometimes custom module developers need to iterate over configured
location(s), configured in some or all server(s) blocks.
For example, to perform post-initialization steps, defined by custom
directives in their modules.
Now it is virtually impossible.
I've posted question about this matt
Hello,
Observed nginx's version 1.22.1 questionable behaviour with two virtual
hosts, one with H2 - enabled, second without http2 support.
Both on the same IP and port, with different domain names/server names.
When browsers make requests to a second domain, h2 being ALPN-negotiated,
and data tran
Hello,
Consider following configuration:
stream {
server {
listen 5443;
proxy_pass my-tls-upstream:443;
proxy_ssl_verify on;
proxy_ssl_server_name on;
proxy_ssl_trusted_certificate trusted_root_CAs.cer;
}
} # end stream
It is perfectly Ok for ngin
Hello,
In ngx_http_upstream_send_response() function there are a lot of
checks for r->cache pointer validity.
But it is absent for if (u->cacheable){}, which starts with dereferencing
valid = r->cache->valid_sec;
straight away.
If this considered to be an issue - patch attempting to fix it is
On 23 February 2017 at 02:35, Dave Bevan wrote:
> +s->data = ngx_pnalloc(pool, s->len);
Errr... No error check?
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Hi,
Did you read this nice article on the topic:
https://www.nginx.com/blog/nginx-plus-authenticate-users/
?
On 23 February 2017 at 01:16, Jun Chen via nginx-devel <
nginx-devel@nginx.org> wrote:
> Hi everyone,
>
> I am looking for a module which does the authentication/access control for
> rev
Hooray!
What the doctor ordered.
Looking forward for more parts, especially dedicated to chains
management and corresponding API description.
So far saw a possible typo:
In section "I/O events":
> that the functions ngx_handle_read_event(rev, flags) and
> ngx_handle_read_event(wev,flags) are cal
Hello,
> You are not freeing the buffers passed, but rather hold them for
> an infinite time in your filter. As a result once output_buffers
> are exhausted, the process stalls waiting for you to free some
> buffers.
Thanks for pointing out!
I'll try to fix this issue...
>
> (Note well that you
Hello,
I've implemented custom filter module for nginx.
In fact, it does nothing, but copy input chain to output.
The aim is to have placeholder for filter modules, what do little bit
more intelligent processing.
Wish it be useful for new nginx modules developers.
Sources could be found here: htt
ions is always NULL in both cases, despite I have a
lot of locations in my servers configured in nginx.conf.
--
Best wishes,
Andrey Kulikov
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
!
>
> On Mon, Jun 27, 2016 at 12:30:19PM +0300, Andrey Kulikov wrote:
>
> > I stuck in rather strange situation: if I run nginx under debugger, and
> > request zero-length file it gives me correct reply on first connection.
> But
> > on second connection it reply it output
Hello,
I stuck in rather strange situation: if I run nginx under debugger, and
request zero-length file it gives me correct reply on first connection. But
on second connection it reply it output part of debug log (what supposed to
be written to debug log, but wasn't).
At the same time if nginx run
Hi,
On 10 September 2015 at 18:36, Maxim Dounin wrote:
> Could you
> please ask your customer to describe how it's expected to be used?
>
Will try.
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-deve
Hi,
On 10 September 2015 at 18:48, Maxim Dounin wrote:
> Instead, you may consider obtaining the
> certificate itself and parsing needed details from it.
>
Indeed, certificate itself available as variable.
But parsing properly it is not so trivial task. And what should gear that
parsing on fron
Small correction - replace magic value with sizeof().
On 9 September 2015 at 02:46, Andrey Kulikov wrote:
> Hello,
>
> Please find attached patch, that add ssl_client_EKU nginx variable.
>
> Variable contains coma-separated list of OIDs, presented in
> client's certi
.9.4
Best wishes,
Andrey
From 9c15ddb5825030c8d6bab0699dc03a164f015fa1 Mon Sep 17 00:00:00 2001
From: Andrey Kulikov
Date: Wed, 9 Sep 2015 02:29:39 +0300
Subject: [PATCH] Add ssl_client_EKU nginx variable.
Variable contains coma-separated list of OIDs, presented in
client's certificate (if an
ndrey
On 7 September 2015 at 21:04, Maxim Dounin wrote:
> Hello!
>
> On Mon, Sep 07, 2015 at 08:18:29PM +0300, Andrey Kulikov wrote:
>
> > Hello,
> >
> > Nginx SSL module allow to use some variables:
> > http://nginx.org/en/docs/http/ngx_http_ssl_module.htm
Mon Sep 17 00:00:00 2001
From: Andrey Kulikov
Date: Mon, 7 Sep 2015 19:52:12 +0300
Subject: [PATCH] Add ssl_client_not_before and ssl_client_not_after request
variables.
---
src/event/ngx_event_openssl.c | 76
src/event/ngx_event_openssl.h
On 20 December 2014 at 00:08, Piotr Sikora wrote:
> I think that Host still should be restricted to at
> least printable ASCII
>
In what part of ASCII table?
What about host names in national alphabets?
___
nginx-devel mailing list
nginx-devel@nginx.or
23 matches
Mail list logo