Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Client authorization (with SSL certificate) is broken #2

Closed
ameshkov opened this issue Oct 26, 2015 · 1 comment
Assignees
Labels
Milestone

Comments

@ameshkov
Copy link
Member

@ameshkov ameshkov commented Oct 26, 2015

Browsers: Chrome, Safari
Authorization is set up using nginx

Config example:
https://rynop.wordpress.com/2012/11/26/howto-client-side-certificate-auth-with-nginx/

server {

        listen 0.0.0.0:443 ssl;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /etc/nginx/ssl/some_name.crt;
        ssl_certificate_key /etc/nginx/ssl/some_name.key;
        ssl_client_certificate /etc/nginx/ssl/ca_admins.crt;
        ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_verify_client on;
        ssl_verify_depth 1;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
}

Server returns an error message:
400 no required ssl certificate was sent

@ameshkov

This comment has been minimized.

Copy link
Member Author

@ameshkov ameshkov commented Oct 26, 2015

We should detect that client tries to authorize and add the host:port pair to exceptions automatically.

@Stillness-2 Stillness-2 modified the milestone: 1.1.3 Dec 14, 2015
@gshumihin gshumihin added the FIxed label Dec 16, 2015
@Stillness-2 Stillness-2 modified the milestones: 1.1.3, 1.1.2-beta Dec 21, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.