It seems the variable you are refering to belongs to the ngx_http_ssl_module, suitable for HTTPS, not in the ngx_stream_ssl_module, suitable for generic TLS. --- *B. R.*
On Fri, Sep 16, 2016 at 5:19 AM, Albert Zhang <[email protected]> wrote: > how to get common name from client cert in TLS connection instead of > HTTPS. I am using TLS not https and want to get common name from client > cert using nginx plus ami on was, > I am using AWS elb(ssl)+nginx client certificate ssl I know use > $ssl_client_s_dn but how to get/compare the value here is my config: > stream { > upstream stream_backend { > server 10.252.1.131:1983; > server 10.252.1.131:2983; > } > server { > listen 4443 ssl; > proxy_pass stream_backend; > proxy_ssl on; > proxy_ssl_certificate /etc/ssl/certs/server.crt; > proxy_ssl_certificate_key /etc/ssl/certs/server.key; > proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > proxy_ssl_ciphers HIGH:!aNULL:!MD5; > # proxy_ssl_client_certificate /etc/ssl/certs/ca.pem; > proxy_ssl_trusted_certificate /etc/ssl/certs/ca.pem; > #proxy_ssl_session_reuse on; > proxy_ssl_verify on; > proxy_ssl_verify_depth 4; > # proxy_ssl_verify_client optional; > ssl_certificate /etc/ssl/certs/server.crt; > ssl_certificate_key /etc/ssl/certs/server.key; > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers HIGH:!aNULL:!MD5; > ssl_session_cache shared:SSL:20m; > ssl_session_timeout 4h; > ssl_handshake_timeout 30s; > } > > } > > albert > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
