nginx-0.5.24
Igor Sysoev
is at rambler-co.ru
Thu Jun 7 00:29:58 MSD 2007
On Wed, Jun 06, 2007 at 10:12:58AM -1000, Dustin Kanske wrote:
> Hi Igor,
>
> On Jun 5, 2007, at 8:08 PM, Igor Sysoev wrote:
>
> >Changes with nginx 0.5.24 06
> >Jun 2007
> >
> > *) Security: the "ssl_verify_client" directive did not work if
> >request
> > was made using HTTP/0.9.
> >
>
> Is it the case that nginx would allow a client request to be allowed
> without verifying the client? Or would the request always fail?
It allows request without asking a client ceritficate.
However, HTTP/0.9 mode is limited: you can do GET only and you can
not pass and get any headers including cookies.
Also as there is no client certificate so there is no any client information
such as client DN, etc.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list