Verify Peer of SSL request in Proxy Module

W. Andrew Loe III andrew at andrewloe.com
Mon Sep 12 23:58:17 UTC 2011


When reverse proxying over SSL, I would like to be able to set the
context to VERIFY_PEER and to provide my own CA file. Right now nginx
uses the OpenSSL default of VERIFY_NONE.

There appears to be some code around this in
ngx_ssl_client_certificate in ngx_event_openssl.c, but this is for
validating client certificates, not nginx acting as a client.

I am working on a patch, but if Igor or someone more experienced
already has this working, I would prefer to use that.



More information about the nginx mailing list