
django-ssl-auth KeyError


Всем привет!

Никак не получается запустить тестовое приложение django-ssl-auth вместе с nginx. Постоянно говорит, что KeyError at / 'HTTP_X_SSL_USER_DN'

конфиг nginx:

# TLS front end on 443 that asks for a client certificate and proxies over HTTP to
# 127.0.0.1:5000, passing the certificate subject DN and verification result as headers.
server {
   server_name     10.72.14.144;
   listen          443;
   ssl on;
   # NOTE(review): judging by the file names, the root CA's certificate and private key
   # are used as the server's own TLS identity. A CA key normally does not live on the
   # web server; a separate server certificate issued by the CA is the usual setup.
   # Confirm what these files actually contain.
   ssl_certificate     /etc/nginx/ssl/django-server/root-ca.crt;
   ssl_certificate_key /etc/nginx/ssl/django-server/root-ca.key;
   # ssl_client_certificate is the set of trusted CA certificates used to verify client
   # certificates. The path looks like a single user's certificate; it should point at
   # the CA certificate that issues the user certificates (TODO confirm).
   ssl_client_certificate /etc/nginx/ssl/django-server/users/diakonov-i.crt;
   # "optional" also lets requests WITHOUT a client certificate through. For those,
   # $ssl_client_verify is NONE and $ssl_client_s_dn is empty, so the backend must not
   # treat a request as authenticated unless the verify result is SUCCESS.
   ssl_verify_client optional;
   # Holds the passphrase for the private key; keep it readable by root only.
   ssl_password_file /etc/nginx/ssl/django-server/global.pass;
   ssl_session_timeout 5m;

   # NOTE(review): SSLv3 is broken (POODLE) and TLSv1 is deprecated; no current protocol
   # version is enabled here. Enable the newest TLS versions this nginx/OpenSSL build supports.
   ssl_protocols SSLv3 TLSv1;
   # NOTE(review): the list contains RC4, 3DES (DES-CBC3) and an MD5-based suite, and no
   # ECDHE or AEAD suites. Those legacy ciphers should be dropped.
   ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
   ssl_prefer_server_ciphers on;

   access_log      /var/log/nginx/ssl.access.log;
   error_log       /var/log/nginx/ssl.error.log;

   include         /etc/nginx/proxy.conf;
   location / {
        # This location uses proxy_pass, so only the proxy_set_header lines take effect;
        # the fastcgi_param lines and the fastcgi_params include do nothing here.
        proxy_pass http://127.0.0.1:5000;
        proxy_redirect default;
        fastcgi_param    DN             $ssl_client_s_dn;
        # nginx does not pass a header whose value is an empty string. When no client
        # certificate is presented, $ssl_client_s_dn is empty and X-SSL-User-DN is not
        # sent, so the application sees no HTTP_X_SSL_USER_DN key. That matches the
        # reported KeyError.
        proxy_set_header X-SSL-User-DN  $ssl_client_s_dn;
        fastcgi_param    VERIFIED            $ssl_client_verify;
        # The backend trusts these two headers as the authentication decision. It should
        # be reachable only through this proxy (it listens on 127.0.0.1 here) and should
        # require X-SSL-Authenticated to equal SUCCESS.
        proxy_set_header X-SSL-Authenticated $ssl_client_verify;
        include        fastcgi_params;
   }
}

Может доустановить что забыл или флаги не те?


Пробовал еще вот такой конфиг - всё равно выдает ошибку.

# Second attempt: TLS on 443 with a mandatory client certificate, handing requests to
# 127.0.0.1:5000 over FastCGI instead of HTTP proxying.
server {
    listen *:443;
    ssl on;
    ssl_certificate     /etc/nginx/ssl/server.crt;
    # NOTE(review): the name suggests an unencrypted private key; restrict the file to
    # root (or the nginx master user) only.
    ssl_certificate_key /etc/nginx/ssl/server.nopass.key;
    # Trusted CA certificate(s) used to verify client certificates.
    ssl_client_certificate /etc/nginx/ssl/ca.crt;
    #ssl_password_file /etc/nginx/ssl/django-server/global.pass;
    # "on" rejects requests that do not present a valid client certificate.
    ssl_verify_client on;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of the
    # installed nginx/OpenSSL apply. On an old build they may still allow legacy
    # protocols; check and pin them explicitly.

    keepalive_timeout 70;
    # With fastcgi_pass the application receives these values under exactly these names
    # (SSL_VERIFIED, SSL_CLIENT_SERIAL, SSL_CLIENT_CERT, SSL_DN). None of them is
    # HTTP_X_SSL_USER_DN, the key named in the reported KeyError.
    fastcgi_param SSL_VERIFIED $ssl_client_verify;
    fastcgi_param SSL_CLIENT_SERIAL $ssl_client_serial;
    fastcgi_param SSL_CLIENT_CERT $ssl_client_cert;
    fastcgi_param SSL_DN $ssl_client_s_dn;
    include        fastcgi_params;


    # proxy_set_header applies only to proxy_pass. This server uses fastcgi_pass, so
    # these two lines have no effect. If the application expects HTTP_X_SSL_USER_DN and
    # HTTP_X_SSL_AUTHENTICATED over FastCGI, they would have to be defined as
    # fastcgi_param entries with those names. Defining them explicitly also means the
    # values come from the verified certificate rather than from a request header.
    # NOTE(review): confirm whether the backend on port 5000 speaks FastCGI or HTTP;
    # the first config used proxy_pass to the same port.
    proxy_set_header X-SSL-User-DN   $ssl_client_s_dn;
    proxy_set_header X-SSL-Authenticated $ssl_client_verify;

    location / {
        fastcgi_pass   127.0.0.1:5000;
    }
}

# tail /var/log/nginx/error.log
[alert] 11927#0: *31 ignoring stale global SSL error (SSL: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm) while waiting for request, client: 192.168.68.23, server: 0.0.0.0:443
aido ★★ ()