This patch adds the ability to use syntax like the following: $HTTP["url"] =~ "^/url" { $HTTP["remoteuser"] !~ "myuser" { url.access-deny = ( "" ) } } This makes it possible to authorize specific client certificates whenever they are used. Sample syntax could look like the following: ssl.verifyclient.exportcert = "enable" ssl.verifyclient.activate = "enable" ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN" ssl.verifyclient.enforce = "disable" ssl.verifyclient.depth = 3 ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN" ssl.verifyclient.exportcert = "enable" $HTTP["url"] =~ "^/url" { $HTTP["remoteuser"] !~ "mycertCN" { url.access-deny = ( "" ) } } This patch has been submitted upstream in Feature request #2415, however, the last release of lighttpd was over 1 year ago. Fix: Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->mm Over to maintainer (via the GNATS Auto Assign Tool)
mm 2012-06-16 22:28:41 UTC FreeBSD ports repository Modified files: www/lighttpd Makefile Added files: www/lighttpd/files extra-patch-remoteuser Log: Add 3rd party remoteuser patch (optional) http://redmine.lighttpd.net/issues/2415 PR: ports/167209 Submitted by: Ryan Steinmetz <rpsfa@rit.edu> Revision Changes Path 1.112 +7 -1 ports/www/lighttpd/Makefile 1.1 +64 -0 ports/www/lighttpd/files/extra-patch-remoteuser (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Resolved. Thanks!