Trouble with ssl_verify_client option

Luit van Drongelen me at luitvd.net
Sat Nov 6 15:18:11 MSK 2010


On Sat, Nov 6, 2010 at 3:06 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Your simplified cases should both work ok (and they works ok here,
> and I doubt you actually tested them).  Though this one will cause
> troubles without SNI:

They do work for changing certificates, but the ssl_verify_client
option won't be properly used. Furthermore the server will expect a
client certificate when this is set to "on", though will not send any
accepted accepted DNs (only when it's globally set it will work).
Should this mean that I have SNI disabled, how do I enable this? I use
a recent version of OpenSSL, I have compiled nginx with SNI support,
according to nginx -V, so what am I missing here?

Regards,
Luit van Drongelen <me at luitvd.net>



More information about the nginx mailing list