Closed bernhardreiter closed 2 years ago
It is possible to configure nginx to do the check when reading a location differently than TLP:WHITE, the example configuration has this restriction (for all three TLP values green, amber and red) and https://github.com/csaf-poc/csaf_distribution/blob/8711ea67fe1de426ac1aac0c2862724c84cda96e/docs/client-certificate-setup.md?plain=1#L35-L38 explains how to change the configuration if the three TLP values should also be accessible by different client certificates.
@tschmidtb51 Does this resolve the issue for you?
Nearly. Please insert an example what a user should expect $ssl_client_i_dn
to be.
One should also be able to provide a TLS client certificate to use for the TLP:AMBER and TLP:RED feeds.
_Originally posted by @tschmidtb51 in https://github.com/csaf-poc/csaf_distribution/issues/42#issuecomment-1024939988_