SSL client verification context
Matthias-Christian Ott
ott at mirix.org
Thu Feb 10 18:04:32 MSK 2011
On Thu, Feb 10, 2011 at 04:20:51PM +0300, Igor Sysoev wrote:
> On Feb 10, 2011, at 10:36 , Matthias-Christian Ott wrote:
>
> > Hi,
> >
> > at the moment it is only possible to set variables for SSL client
> > verification in the http oder server context. I would be useful to have
> > them at least in location, so that one could verify the certificate
> > according to the requested directory. Would this be possible?
>
>
> These are not variables, but directives.
I confused both ;).
> You may try
>
> server {
> ssl_verify_client optional;
>
> location /dir/ {
> if ($ssl_client_verify != SUCCESS) {
> return 403;
> }
What I mean was the following
server {
location /a {
ssl_client_certificate a/ca.pem;
ssl_crl a/a.crl;
}
location /b {
ssl_client_certificate b/ca.pem;
ssl_crl a/a.crl;
}
}
As far as I can tell from the documentation, both Apache and lighttpd
seems to support this.
Regards,
Matthias-Christian
More information about the nginx-devel
mailing list