Mercurial > hg > nginx-site
comparison xml/en/docs/mail/ngx_mail_auth_http_module.xml @ 1429:06322891b4e3
Client certificate directives in mail_ssl_module and associates.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Sat, 28 Feb 2015 00:31:18 +0300 |
| parents | ebfcd76e23b6 |
| children | 7133004fa5b3 |
comparison
equal
deleted
inserted
replaced
| 1428:933831d7bf0b | 1429:06322891b4e3 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_mail_auth_http_module" | 10 <module name="Module ngx_mail_auth_http_module" |
| 11 link="/en/docs/mail/ngx_mail_auth_http_module.html" | 11 link="/en/docs/mail/ngx_mail_auth_http_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="5"> | 13 rev="6"> |
| 14 | 14 |
| 15 <section id="directives" name="Directives"> | 15 <section id="directives" name="Directives"> |
| 16 | 16 |
| 17 <directive name="auth_http"> | 17 <directive name="auth_http"> |
| 18 <syntax><value>URL</value></syntax> | 18 <syntax><value>URL</value></syntax> |
| 40 that the request comes from nginx. | 40 that the request comes from nginx. |
| 41 For example: | 41 For example: |
| 42 <example> | 42 <example> |
| 43 auth_http_header X-Auth-Key "secret_string"; | 43 auth_http_header X-Auth-Key "secret_string"; |
| 44 </example> | 44 </example> |
| 45 </para> | |
| 46 | |
| 47 </directive> | |
| 48 | |
| 49 | |
| 50 <directive name="auth_http_pass_client_cert"> | |
| 51 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
| 52 <default>off</default> | |
| 53 <context>mail</context> | |
| 54 <context>server</context> | |
| 55 <appeared-in>1.7.11</appeared-in> | |
| 56 | |
| 57 <para> | |
| 58 Appends the <header>Auth-SSL-Cert</header> header with the | |
| 59 <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client">client</link> | |
| 60 certificate in the PEM format (urlencoded) | |
| 61 to requests sent to the authentication server. | |
| 45 </para> | 62 </para> |
| 46 | 63 |
| 47 </directive> | 64 </directive> |
| 48 | 65 |
| 49 | 66 |
| 183 Auth-SMTP-From: MAIL FROM: <> | 200 Auth-SMTP-From: MAIL FROM: <> |
| 184 Auth-SMTP-To: RCPT TO: <postmaster@mail.example.com> | 201 Auth-SMTP-To: RCPT TO: <postmaster@mail.example.com> |
| 185 </example> | 202 </example> |
| 186 </para> | 203 </para> |
| 187 | 204 |
| 205 <para> | |
| 206 For the SSL/TLS client connection (1.7.11), | |
| 207 the <header>Auth-SSL</header> header is added, and | |
| 208 <header>Auth-SSL-Verify</header> will contain | |
| 209 the result of client certificate verification, if | |
| 210 <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client">enabled</link>: | |
| 211 “<literal>SUCCESS</literal>”, “<literal>FAILED</literal>”, and | |
| 212 “<literal>NONE</literal>” if a certificate was not present. | |
| 213 When the client certificate was present, | |
| 214 its details are passed in the following request headers: | |
| 215 <header>Auth-SSL-Subject</header>, <header>Auth-SSL-Issuer</header>, | |
| 216 <header>Auth-SSL-Serial</header>, and <header>Auth-SSL-Fingerprint</header>. | |
| 217 If <link id="auth_http_pass_client_cert"/> is enabled, | |
| 218 the certificate itself is passed in the | |
| 219 <header>Auth-SSL-Cert</header> header. | |
| 220 The request will look as follows: | |
| 221 <example> | |
| 222 GET /auth HTTP/1.0 | |
| 223 Host: localhost | |
| 224 Auth-Method: plain | |
| 225 Auth-User: user | |
| 226 Auth-Pass: password | |
| 227 Auth-Protocol: imap | |
| 228 Auth-Login-Attempt: 1 | |
| 229 Client-IP: 192.0.2.42 | |
| 230 Auth-SSL: on | |
| 231 Auth-SSL-Verify: SUCCESS | |
| 232 Auth-SSL-Subject: /CN=example.com | |
| 233 Auth-SSL-Issuer: /CN=example.com | |
| 234 Auth-SSL-Serial: C07AD56B846B5BFF | |
| 235 Auth-SSL-Fingerprint: 29d6a80a123d13355ed16b4b04605e29cb55a5ad | |
| 236 </example> | |
| 237 </para> | |
| 238 | |
| 188 </section> | 239 </section> |
| 189 | 240 |
| 190 </module> | 241 </module> |