MINOR: ssl: add pattern and ACLs 'ssl_c_sig_alg' and 'ssl_f_sig_alg'
ssl_c_sig_alg: client cert signature algo (string). Ex: "RSA-SHA1"
ssl_f_sig_alg: frontend cert signature algo (string). Ex: "RSA-SHA1"
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3cecf09..e41b1f1 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8385,6 +8385,11 @@
true if the value of the nth given entry value from the beginning/end of the
DN matches the specified string.
+ssl_c_key_alg <string>
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer, and the name of the algorithm used to generate the key of the
+ certificate presented by the client matches the string.
+
ssl_c_s_dn <string>
ssl_c_s_dn(entry[,occ]) <string>
If no entry specified, returns true when the incoming connection was made
@@ -8401,6 +8406,11 @@
layer, and the serial of the certificate presented by the client matches
the value written in hexa.
+ssl_c_sig_alg <string>
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer, and the name of the algorithm used to sign the certificate presented
+ by the client matches the string.
+
ssl_c_verify <integer>
Returns true when the incoming connection was made over an SSL/TLS transport
layer, and the verify result matches the specified value (check man verify
@@ -8422,6 +8432,11 @@
true if the value of the nth given entry value from the beginning/end of the
DN matches the specified string.
+ssl_c_key_alg <string>
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer, and the name of the algorithm used to generate the key of the
+ certificate presented by the frontend matches the string.
+
ssl_f_s_dn <string>
ssl_f_s_dn(entry[,occ]) <string>
If no entry specified, returns true when the incoming connection was made
@@ -8438,6 +8453,11 @@
layer, and the serial of the certificate presented by the frontend matches
the value written in hexa.
+ssl_f_sig_alg <string>
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer, and the name of the algorithm used to sign the certificate presented
+ by the frontend matches the string.
+
ssl_f_version <integer>
Returns true when the incoming connection was made over an SSL/TLS transport
layer, and the version of the certificate presented by the frontend matches
@@ -9132,6 +9152,11 @@
name ssl_c_i_dn(CN) and the second organization unit
ssl_c_i_dn(OU,2).
+ ssl_c_key_alg
+ Returns the name of the algorithm used to generate the key of
+ the certificate presented by the client when the incoming
+ connection was made over an SSL/TLS transport layer.
+
ssl_c_s_dn[(entry[,occ])]
If no entry specified, returns the full distinguished name of
the subject of the certificate presented by the client when
@@ -9148,6 +9173,11 @@
when the incoming connection was made over an SSL/TLS transport
layer.
+ ssl_c_sig_alg
+ Returns the name of the algorithm used to sign the certificate
+ presented by the client when the incoming connection was made
+ over an SSL/TLS transport layer.
+
ssl_c_verify Returns the verify result errorID when the incoming connection
was made over an SSL/TLS transport layer, otherwise zero if no
error is encountered.
@@ -9169,6 +9199,11 @@
name ssl_f_i_dn(CN) and the second organization unit
ssl_f_i_dn(OU,2).
+ ssl_f_key_alg
+ Returns the name of the algorithm used to generate the key of
+ the certificate presented by the frontend when the incoming
+ connection was made over an SSL/TLS transport layer.
+
ssl_f_s_dn[(entry[,occ])]
If no entry specified, returns the full distinguished name of
the subject of the certificate presented by the frontend when
@@ -9185,6 +9220,11 @@
when the incoming connection was made over an SSL/TLS transport
layer.
+ ssl_f_sig_alg
+ Returns the name of the algorithm used to sign the certificate
+ presented by the frontend when the incoming connection was made
+ over an SSL/TLS transport layer.
+
ssl_f_version
Returns the version of the certificate presented by the frontend
when the incoming connection was made over an SSL/TLS transport