SSL client verification context
Matthias-Christian Ott
ott at mirix.org
Thu Feb 10 18:36:03 MSK 2011
On Thu, Feb 10, 2011 at 06:24:31PM +0300, Igor Sysoev wrote:
> On Feb 10, 2011, at 18:04 , Matthias-Christian Ott wrote:
> >
> > What I meant was the following:
> >
> > server {
> >     location /a {
> >         ssl_client_certificate a/ca.pem;
> >         ssl_crl a/a.crl;
> >     }
> >
> >     location /b {
> >         ssl_client_certificate b/ca.pem;
> >         ssl_crl a/a.crl;
> >     }
> > }
> >
> > As far as I can tell from the documentation, both Apache and lighttpd
> > seem to support this.
>
> It requires SSL re-handshake and nginx currently does not support it.

I'm not familiar with SSL, but from what I read in overviews, the client
presents the client certificate to the server, so the server could check
the certificate against multiple CAs without a re-handshake, right?

Regards,
Matthias-Christian
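
Added example, not part of the original thread and not nginx project code: one way to get per-location CA separation without a re-handshake is to trust both CAs at the server level and authorize per location on the verified issuer. The bundle file names, host name and issuer DN strings below are constructed placeholders.

```nginx
# http context. Map the verification result plus issuer DN to a short label.
# The DN strings are constructed; log $ssl_client_i_dn on your build and
# copy the exact string it emits, since the match is literal.
map "$ssl_client_verify:$ssl_client_i_dn" $client_ca {
    default                               "";
    "SUCCESS:CN=Example CA A,O=Example"   a;
    "SUCCESS:CN=Example CA B,O=Example"   b;
}

server {
    listen 443 ssl;
    server_name example.test;

    ssl_certificate     server.pem;
    ssl_certificate_key server.key;

    # The client certificate is requested and verified during the initial
    # handshake, before the request URI is known, so the trust set is
    # configured per server, not per location.
    ssl_client_certificate ab-ca-bundle.pem;   # a/ca.pem and b/ca.pem concatenated
    ssl_crl                ab-crl-bundle.pem;  # CRLs of both CAs concatenated
    ssl_verify_client      optional;           # locations decide who gets in

    location /a {
        # Only certificates that verified and were issued by CA A.
        if ($client_ca != a) { return 403; }
    }

    location /b {
        # Only certificates that verified and were issued by CA B.
        if ($client_ca != b) { return 403; }
    }

    location / {
        # No client certificate required here.
    }
}
```

The issuer DN is that of the certificate's immediate issuer, so with intermediate CAs the map keys must name the intermediates. Requests with no certificate or a failed verification fall through to the empty default and are refused in /a and /b.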