$ssl_client_escaped_cert does not contain intermediate client certificates
nginx-forum at forum.nginx.org
Tue Jul 7 07:18:36 UTC 2020
I, naively maybe, thought the following would work. At an incoming request,
nginx checks whether the session is new or resumed.
* new: it retrieves the chain, calls X509_chain_up_ref and stores a mapping
from session ID to the chain pointer
* resumed: it retrieves the session ID, looks up the pointer from the
mapping and retrieves the chain from the pointer
At session timeout nginx should drop the session ID from the mapping and
calls X509_free on each certificate in the chain.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288553,288600#msg-288600
More information about the nginx