| author | nytpu <alex@nytpu.com> | 2021-02-10 18:14:41 -0700 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2021-02-11 09:19:16 -0500 |
| commit | ae7ca3db3983321c0ada8416cc19f17190802f38 (patch) | |
| tree | 8127b7f7f05cb3372d459bb841fd511b627b9d69 /doc/gmnisrvini.scd | |
| parent | 6d9dd838e439bbc730d12ce81214046cde9227dd (diff) | |
Send client certificate hash for CGI scripts.

Set SSL_VERIFY_PEER to request a client certificate from the server,
when available. Have to shim the certificate verification function or
else it will fail on self-signed client certs.

In serve_cgi retrieve client certificate, create a fingerprint, and set
proper environment variables. It's pretty barebones, it doesn't parse
the certificate to give any other useful info like the common name, but
it's acceptable IMO. For most CGI uses the fingerprint is the only
thing that is needed anyways.

Diffstat (limited to 'doc/gmnisrvini.scd')
| -rw-r--r-- | doc/gmnisrvini.scd | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/gmnisrvini.scd b/doc/gmnisrvini.scd index 69e8129..2c82b53 100644 --- a/doc/gmnisrvini.scd +++ b/doc/gmnisrvini.scd @@ -175,6 +175,12 @@ The following environment variables will be set: | *TLS_VERSION* : TLSv1.3 : The negotiated TLS version. +| *AUTH_TYPE* +: CERTIFICATE +: Compatibility with RFC 3785. +| *TLS_CLIENT_HASH* +: SHA256:BD3A388021A92017B781504A3D24F324BF9DE11CE72606AB445D98A8EB00C5A8 +: Unique fingerprint of the client certificate. \[1]: gemini://example.org/cgi-bin/foo.sh/bar?hello=world |
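
Review bot: The *AUTH_TYPE* row cites "RFC 3785", but the CGI/1.1 specification that defines AUTH_TYPE is RFC 3875, so the digits look transposed; suggest "Compatibility with RFC 3875." The two new rows also do not say what a script sees when the client sends no certificate (whether *AUTH_TYPE* and *TLS_CLIENT_HASH* are unset or empty), and the *TLS_CLIENT_HASH* description does not state what the SHA256 value is computed over. Since the commit message says verification is shimmed so self-signed client certificates are accepted, the doc should state that the fingerprint only identifies the presented certificate and is not the result of chain validation, so CGI scripts should compare it against fingerprints they already know rather than treat its presence as authentication.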
