Proposal: Change `ssl_client_certificate` to `ssl_client_ca_certificate`

Thomas Ward teward at thomas-ward.net
Sat Mar 15 21:55:40 UTC 2025


In line with a recent nginx mailing list thread I had with a user about
how to properly secure a site with SSL/TLS Client Certificates, the user
indicated that "ssl_client_certificate" is a confusing misnomer.  It
implies that the certificate(s) provided are a bundle of certs that are
*individual client certificates*, not the Certification Authority (CA)
certificate and chain that issued the certificates.

It's always annoyed me slightly that it has been 
"ssl_client_certificate" and has no mention of it being a CA cert. I'm 
guessing that's because you could theoretically use a self-signed 
certificate and verify it against itself, thus not needing a CA 
certificate, however that's not the primary use case nor is that how 
it's really explained in the NGINX documentation of the command.

Has there been any discussion or consideration of renaming 
ssl_client_certificate to something that is less confusing to people new 
to the process, to show that this is supposed to be the CA certificate 
of the authority that is issuing the client certificates?


Thomas
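
The usage the post describes, as an added configuration example that is not part of the original message: `ssl_client_certificate` is given the PEM file of the CA that issues the client certificates. The host name, file paths and upstream address are placeholders chosen for illustration.

```nginx
server {
    listen 443 ssl;
    server_name app.example.test;                  # placeholder host name

    # The server's own certificate and key (placeholder paths).
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Despite the directive name, this file holds the CA certificate(s),
    # in PEM format, used to verify client certificates. It is not a
    # bundle of the individual client certificates. The names of these
    # CAs are also sent to clients during the handshake.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;

    # In the self-signed case mentioned in the post, the file above would
    # be the self-signed client certificate itself, acting as its own
    # trust anchor.

    # Reject the request unless the client presents a certificate that
    # chains to a CA in the file above.
    ssl_verify_client on;

    # Allow one intermediate CA between the client certificate and the root.
    ssl_verify_depth 2;

    location / {
        # Pass the verification result and the subject DN to the backend
        # so the application can authorize on identity, not only on
        # "some certificate from this CA".
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;          # placeholder upstream
    }
}
```

Every certificate issued by a CA in that file is accepted at the TLS layer, so a CA that also issues certificates for other purposes should not be used here without an additional check on the subject.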

