$ssl_client_escaped_cert does not contain intermediate client certificates
nginx-forum at forum.nginx.org
Mon Jul 6 19:55:05 UTC 2020
Thanks for your reply, Maxim! I'll work out an alternative then.
Re. session resumption, I read in the OpenSSL docs
that OpenSSL is willing to store the chain longer than a single request, but
only if the implementing application (nginx) is managing freeing it at the
proper time (eg. when the session times out):
> If applications wish to use any certificates in the returned chain
indefinitely they must increase the reference counts using X509_up_ref() or
obtain a copy of the whole chain with X509_chain_up_ref().
ps. I now see that HAProxy is also discussing it:
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288553,288596#msg-288596
More information about the nginx