Problem of configuring client cert verification

Maxim Dounin mdounin at
Thu Aug 11 13:18:25 UTC 2011


On Thu, Aug 11, 2011 at 01:33:18AM -0400, speedfirst wrote:

> Thanks.  Tried  but doesn't work

Could you please show some full actual config you are able to 
reproduce the problem with (the one posted is obviously incorrect, 
as there are no directives like "ssl_on" and "ssl_private_key")?

While the patch is required for proper per-server SNI-based client 
cert verification, a closer look at your original post suggests that 
you shouldn't see 403 anyway.  Instead, a request to "bar" with 
ssl_verify_client switched off in the default "foo" server will result 
in a "400 Bad Request" error without the patch (with the patch 
everything should be OK and works fine here, just tested with 
0.9.3 too to make sure).  Therefore I suspect there is some 
other problem, probably a configuration or testing one.

Maxim Dounin
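
The layout discussed in the reply above, as an added illustration (not the poster's config, which is not shown on this page, and not part of the original message): a default server "foo" with client verification off and a name-based server "bar" that asks for a client certificate. It uses directive names nginx actually has (`listen ... ssl`, `ssl_certificate_key`) in place of the nonexistent "ssl_on" and "ssl_private_key". All file paths are placeholders, and that "bar" sets `ssl_verify_client on` is an assumption.

```nginx
# Constructed example; paths are placeholders.

# Default server for port 443: client certificates are not requested.
server {
    listen              443 ssl default_server;
    server_name         foo;

    ssl_certificate     /path/to/foo.crt;
    ssl_certificate_key /path/to/foo.key;   # there is no "ssl_private_key"

    ssl_verify_client   off;
}

# Name-based server selected via SNI: client certificate required.
# The reply above reports "400 Bad Request" for requests to this
# server when the SNI patch is not applied.
server {
    listen              443 ssl;
    server_name         bar;

    ssl_certificate     /path/to/bar.crt;
    ssl_certificate_key /path/to/bar.key;

    # CA bundle used to verify certificates presented by clients.
    ssl_client_certificate /path/to/client-ca.crt;
    ssl_verify_client   on;
}
```

`nginx -t` checks the file for syntax errors and unknown directives before a reload.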

More information about the nginx mailing list