Mailing List Archive

From:: Jack Burton <jack@saosce.com.au>
Subject:: Re: [diff] httpd: pass through dn from tls client cert to fcgi
To:: Jan Klemkow <jan@openbsd.org>
Cc:: Claudio Jeker <cjeker@diehard.n-r-g.com>, tech@openbsd.org
Date:: Tue, 12 May 2026 17:12:01 +0930

Download raw body.

Thread

2026-05-01 07:13 Jack Burton:
[diff] httpd: pass through dn from tls client cert to fcgi
- 2026-05-05 15:22 Jan Klemkow:
  [diff] httpd: pass through dn from tls client cert to fcgi
- - 2026-05-12 07:42 Jack Burton:
    [diff] httpd: pass through dn from tls client cert to fcgi

On Tue, 5 May 2026 17:22:57 +0200
Jan Klemkow <jan@openbsd.org> wrote:
> Claudio is right tls_conninfo_populate() in libtls guaranties that
> tls_peer_cert_provided() will fail, if subject is NULL.  I missed that
> in my first review.  So, your original diff is ok for me though.
> 
> ok jan@

Thanks for the ok Jan.

Any thoughts on when this might be committed?

2026-05-01 07:13 Jack Burton:
[diff] httpd: pass through dn from tls client cert to fcgi
- 2026-05-05 15:22 Jan Klemkow:
  [diff] httpd: pass through dn from tls client cert to fcgi
- - 2026-05-12 07:42 Jack Burton:
    [diff] httpd: pass through dn from tls client cert to fcgi