It seems the variable you are refering to belongs to the
ngx_http_ssl_module, suitable for HTTPS, not in the ngx_stream_ssl_module,
suitable for generic TLS.
---
*B. R.*

On Fri, Sep 16, 2016 at 5:19 AM, Albert Zhang <alb...@plumewifi.com> wrote:

> how to get common name from client cert in TLS connection instead of
> HTTPS. I am using TLS not https and want to get common name from client
> cert using nginx plus ami on was,
> I am using AWS elb(ssl)+nginx client certificate ssl I know use
> $ssl_client_s_dn but how to get/compare the value here is my config:
> stream {
>     upstream stream_backend {
>          server 10.252.1.131:1983;
>          server 10.252.1.131:2983;
>     }
>     server {
>         listen                4443 ssl;
>         proxy_pass            stream_backend;
>  proxy_ssl on;
>     proxy_ssl_certificate         /etc/ssl/certs/server.crt;
>         proxy_ssl_certificate_key     /etc/ssl/certs/server.key;
>         proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
>         proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
> #  proxy_ssl_client_certificate /etc/ssl/certs/ca.pem;
> proxy_ssl_trusted_certificate /etc/ssl/certs/ca.pem;
> #proxy_ssl_session_reuse on;
>     proxy_ssl_verify       on;
>     proxy_ssl_verify_depth 4;
> #    proxy_ssl_verify_client optional;
>         ssl_certificate       /etc/ssl/certs/server.crt;
>         ssl_certificate_key   /etc/ssl/certs/server.key;
>         ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>         ssl_ciphers           HIGH:!aNULL:!MD5;
>         ssl_session_cache     shared:SSL:20m;
>         ssl_session_timeout   4h;
>         ssl_handshake_timeout 30s;
>      }
>
> }
>
> albert
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to