Mercurial > hg > nginx-site
comparison xml/en/docs/mail/ngx_mail_auth_http_module.xml @ 1429:06322891b4e3
Client certificate directives in mail_ssl_module and associates.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Sat, 28 Feb 2015 00:31:18 +0300 |
parents | ebfcd76e23b6 |
children | 7133004fa5b3 |
comparison
equal
deleted
inserted
replaced
1428:933831d7bf0b | 1429:06322891b4e3 |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_mail_auth_http_module" | 10 <module name="Module ngx_mail_auth_http_module" |
11 link="/en/docs/mail/ngx_mail_auth_http_module.html" | 11 link="/en/docs/mail/ngx_mail_auth_http_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="5"> | 13 rev="6"> |
14 | 14 |
15 <section id="directives" name="Directives"> | 15 <section id="directives" name="Directives"> |
16 | 16 |
17 <directive name="auth_http"> | 17 <directive name="auth_http"> |
18 <syntax><value>URL</value></syntax> | 18 <syntax><value>URL</value></syntax> |
40 that the request comes from nginx. | 40 that the request comes from nginx. |
41 For example: | 41 For example: |
42 <example> | 42 <example> |
43 auth_http_header X-Auth-Key "secret_string"; | 43 auth_http_header X-Auth-Key "secret_string"; |
44 </example> | 44 </example> |
45 </para> | |
46 | |
47 </directive> | |
48 | |
49 | |
50 <directive name="auth_http_pass_client_cert"> | |
51 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
52 <default>off</default> | |
53 <context>mail</context> | |
54 <context>server</context> | |
55 <appeared-in>1.7.11</appeared-in> | |
56 | |
57 <para> | |
58 Appends the <header>Auth-SSL-Cert</header> header with the | |
59 <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client">client</link> | |
60 certificate in the PEM format (urlencoded) | |
61 to requests sent to the authentication server. | |
45 </para> | 62 </para> |
46 | 63 |
47 </directive> | 64 </directive> |
48 | 65 |
49 | 66 |
183 Auth-SMTP-From: MAIL FROM: <> | 200 Auth-SMTP-From: MAIL FROM: <> |
184 Auth-SMTP-To: RCPT TO: <postmaster@mail.example.com> | 201 Auth-SMTP-To: RCPT TO: <postmaster@mail.example.com> |
185 </example> | 202 </example> |
186 </para> | 203 </para> |
187 | 204 |
205 <para> | |
206 For the SSL/TLS client connection (1.7.11), | |
207 the <header>Auth-SSL</header> header is added, and | |
208 <header>Auth-SSL-Verify</header> will contain | |
209 the result of client certificate verification, if | |
210 <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client">enabled</link>: | |
211 “<literal>SUCCESS</literal>”, “<literal>FAILED</literal>”, and | |
212 “<literal>NONE</literal>” if a certificate was not present. | |
213 When the client certificate was present, | |
214 its details are passed in the following request headers: | |
215 <header>Auth-SSL-Subject</header>, <header>Auth-SSL-Issuer</header>, | |
216 <header>Auth-SSL-Serial</header>, and <header>Auth-SSL-Fingerprint</header>. | |
217 If <link id="auth_http_pass_client_cert"/> is enabled, | |
218 the certificate itself is passed in the | |
219 <header>Auth-SSL-Cert</header> header. | |
220 The request will look as follows: | |
221 <example> | |
222 GET /auth HTTP/1.0 | |
223 Host: localhost | |
224 Auth-Method: plain | |
225 Auth-User: user | |
226 Auth-Pass: password | |
227 Auth-Protocol: imap | |
228 Auth-Login-Attempt: 1 | |
229 Client-IP: 192.0.2.42 | |
230 Auth-SSL: on | |
231 Auth-SSL-Verify: SUCCESS | |
232 Auth-SSL-Subject: /CN=example.com | |
233 Auth-SSL-Issuer: /CN=example.com | |
234 Auth-SSL-Serial: C07AD56B846B5BFF | |
235 Auth-SSL-Fingerprint: 29d6a80a123d13355ed16b4b04605e29cb55a5ad | |
236 </example> | |
237 </para> | |
238 | |
188 </section> | 239 </section> |
189 | 240 |
190 </module> | 241 </module> |