“Secure” meaning using TLS only, RFC 5746 style.
I would like to have a module that decides which certificate authorities are valid based on aspects of a request (location, type of authentication required, etc). Some user populations will require client certificates from one CA, others from another, and others will not use client certificates at all. Specifying SSL client certificates as ‘optional’ for the entire server is not exactly a great user experience, and I would prefer not to send the trusted CAs for all user populations to every user.
Currently works in Apache and mod_ssl with some extra protections to only allow renegotiation to be triggered by the server, but I want to get NGINX handling all of the TLS traffic.
Has anyone come up with a relatively simple patch to allow NGINX to start the renegotiation process? Figured I would check before reinventing the wheel.
Is it possible to create a module with a nested block config?
E.g., this works:
However, this doesn't:
The code that fails (doesn't allow it) is
If I remove those lines, everything works as expected. Is there a reason for not allowing the second style config?