[PATCH] Add "compliant" option to ssl_verify_client for CORS support

Sampson Crowley sampson at downundersports.com
Fri Jan 17 16:52:59 UTC 2020


That fails the request even with a valid certificate.

On Fri, Jan 17, 2020, 04:53 Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Thu, Jan 16, 2020 at 12:42:38PM -0700, Sampson Crowley wrote:
>
> > Maxim the work around you provided is invalid,
> >
> >     ssl_verify_client optional;
> >
> >     set $allow 0;
> >
> >     if ($ssl_client_verify = OK) {
> >         set $allow 1;
> >     }
> >
> >     if ($method = OPTIONS) {
> >         set $allow 1;
> >     }
> >
> >     if (!$allow) {
> >         return 496;
> >     }
> >
> > returns 'invalid condition "!$allow"' by nginx and the service fails to start
>
> Sure, my bad.  It should be "$allow != 1".  And "$method" should be
> "$request_method" instead.
>
> --
> Maxim Dounin
> http://mdounin.ru/
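For reference, the workaround from this thread with both quoted corrections applied, as an added example that is not part of the original messages or of nginx's own documentation. It additionally compares `$ssl_client_verify` against `SUCCESS`, since nginx documents that variable's values as `SUCCESS`, `FAILED:reason` and `NONE`; the server name, file paths and upstream address are placeholders.

```nginx
server {
    listen 443 ssl;
    server_name api.example.test;                        # placeholder

    ssl_certificate        /etc/nginx/tls/server.crt;    # placeholder paths
    ssl_certificate_key    /etc/nginx/tls/server.key;
    ssl_client_certificate /etc/nginx/tls/client-ca.crt; # CA that signs client certs

    # Ask for a client certificate, but let the handshake complete without one
    # so that browser CORS preflights (sent without credentials) get through.
    ssl_verify_client optional;

    set $allow 0;

    # $ssl_client_verify is "SUCCESS", "FAILED:reason" or "NONE";
    # it is never "OK", so a comparison with OK cannot match.
    if ($ssl_client_verify = SUCCESS) {
        set $allow 1;
    }

    # Exempt preflight requests only. Every other method still needs a
    # verified certificate.
    if ($request_method = OPTIONS) {
        set $allow 1;
    }

    # "if (!$allow)" is rejected at startup as an invalid condition;
    # use an explicit comparison instead.
    if ($allow != 1) {
        return 496;    # nginx's "client sent no required certificate" status
    }

    location / {
        # OPTIONS requests arrive here unauthenticated, so the backend must
        # treat OPTIONS as side-effect free.
        proxy_pass http://127.0.0.1:8080;                # placeholder upstream
    }
}
```

Running `nginx -t` against the file confirms the conditions parse before the service is reloaded.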