OK, sounds good to me! I'll hopefully have some new patches available in a couple of days.
Any thoughts on using regular expressions to validate the format of the password file and extract strings? Specifically, does any string matching have to use regular expressions (protected by NGX_PCRE), or is the use of regular expressions optional? Nate -----Original Message----- From: nginx-devel [mailto:[email protected]] On Behalf Of Maxim Dounin Sent: Tuesday, June 13, 2017 9:55 AM To: [email protected] Subject: Re: PSK Support Hello! On Fri, Jun 09, 2017 at 03:40:15AM +0000, Karstens, Nate wrote: > Maxim, > > OK, we can skip the patch for turning off the certificate warnings > (and just use a dummy certificate) and just support a single PSK file. > > The {HEX} prefix seems OK. I think it would also be good to support an > {ASC}. It is unlikely that anyone would have an ASCII-based PSK that > starts with {HEX}, but using {ASC} would provide a way to make prevent > that case. If somebody want to use a key which starts with {HEX}, an obvious solution would be to convert it to hex. Supporting an additional prefix for plain-text keys might be an option too (in auth_basic it is called {PLAIN}, see nginx.org/r/auth_basic_user_file), but I think that it would be good to interpret non-prefixed keys in a way compatible with stunnel. So there will be 3 options: identity:key identity:{PLAIN}key identity:{HEX}6b6579 > Also, instead of referring to text-based PSKs as ASCII, maybe they > should be UTF8-encoded and referred to as {TXT}? I would rather avoid saying anything about character encoding, much like nginx does in most of the other places. The {PLAIN} seems to be neutral enough. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel ________________________________ CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient(s) and contain information that may be Garmin confidential and/or Garmin legally privileged. If you have received this email in error, please notify the sender by reply email and delete the message. Any disclosure, copying, distribution or use of this communication (including attachments) by someone other than the intended recipient is prohibited. Thank you. _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
