Trouble with ssl_verify_client option

Luit van Drongelen me at
Fri Nov 5 03:14:05 MSK 2010

Hello mailinglist,

Somehow I can't get the ssl_verify_client option to work properly for
me. As it more and more looks like this might be a bug, I thought I'd
report. I'm using 0.8.53, but upgraded from 0.7.67 because of this

The problem is with setting ssl_verify_client in any server {} block.
Setting it globally (in the http{} block) works as expected, but I
can't get ssl_verify_client enabled for one specific server {} and not
for all the others. Setting it to 'optional' in a server config
doesn't change much (maybe something does change, but nothing
noticeable happens), though setting it to 'on' does deny connections
without a client certificate. Sadly this, like 'optional', still does
mean it won't ask for a client certificate so will deny access to
every request.

Am I expecting the wrong things here, or is server-specific
ssl_verify_client setting broken here?

Luit van Drongelen <me at>

More information about the nginx mailing list