Trouble with ssl_verify_client option

Luit van Drongelen me at
Sat Nov 6 15:18:11 MSK 2010

On Sat, Nov 6, 2010 at 3:06 AM, Maxim Dounin <mdounin at> wrote:

> Your simplified cases should both work ok (and they works ok here,
> and I doubt you actually tested them).  Though this one will cause
> troubles without SNI:

They do work for changing certificates, but the ssl_verify_client
option won't be properly used. Furthermore the server will expect a
client certificate when this is set to "on", though will not send any
accepted accepted DNs (only when it's globally set it will work).
Should this mean that I have SNI disabled, how do I enable this? I use
a recent version of OpenSSL, I have compiled nginx with SNI support,
according to nginx -V, so what am I missing here?

Luit van Drongelen <me at>

More information about the nginx mailing list