[PATCH] (re-post) Add "optional_no_ca" option to ssl_verify_client to enable app-only CA chain validation

Maxim Dounin mdounin at mdounin.ru
Wed Oct 3 15:27:58 UTC 2012


Hello!

On Thu, Sep 27, 2012 at 12:30:29PM -0400, Eric O'Connor wrote:

> Here is a modified patch addressing issues that Maxim brought up earlier:
> 
> diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
> index cd6d885..97da051 100644
> --- a/src/event/ngx_event_openssl.h
> +++ b/src/event/ngx_event_openssl.h
> @@ -141,6 +141,14 @@ ngx_int_t
> ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
>      ngx_str_t *s);

[...]

Patch committed, thanks.

-- 
Maxim Dounin
http://nginx.com/support.html



More information about the nginx-devel mailing list