Multiple Cert support ( Was: RE : [PATCH 1 of 6] SSL: refactoring of ngx_ssl_certificate method. )

Filipe DA SILVA fdasilva at
Thu Apr 9 16:49:06 UTC 2015

Hi Maxim.

Thanks for the return.

I bet you are talking about this API:

Should the compatibility with old OpenSSL versions before 1.0.2 remain ? 

A good solution would be to keep directly a list of OCSP_CERTID in the stapling context.
Instead of keeping reference to cert/issuer certificates.




On Thu, Apr 09, 2015 at 09:58:27AM +0000, Filipe DA SILVA wrote:

> Hi,
> This is the cleaned and up to date version of 'Multiple server
> certificate support ' patches.
> Reviews and comments are welcome.

The main problem of these patches, as originally submitted by
Eldar, is the approach used.  It is believed that appropriate
support for multiple certificates may be introduce only in recent
OpenSSL versions, and there is no need to maintain list of
certificates in these versions: it's already maintained by

Maxim Dounin

nginx-devel mailing list
nginx-devel at

More information about the nginx-devel mailing list