Strange ssl_client_certificate limitation?

Rene Moser mail at renemoser.net
Thu Jan 14 22:10:40 UTC 2021


The only way I was able to accept both certs but use the one or the 
other in the vhost was to bundle the certs and distinguish by issuer dn, 
see:

https://github.com/resmo/nginx-ssl_client_certificate-limit/pull/1

This works as expected, but feels kind of a hack. Any other suggestions?


On 14.01.21 21:29, Rene Moser wrote:
> Hi
> 
> I have a hard time with ssl_client_certificate.
> 
> I try to use vhosts with 2 separated CA in ssl_client_certificate 
> configs but I was not able to do it as expected. The later 
> ssl_client_certificate was not taken in effect and even more unexpected 
> I was able to use the first client cert to auth in the seconds vhost.
> 
> To show the limitation, I created a reproducer:
> 
> https://github.com/resmo/nginx-ssl_client_certificate-limit
> 
> Please tell me I did something terribly wrong.
> 
> Regards
> René
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


More information about the nginx mailing list