I was wondering if caching whitelisted certificates' thumbprints somewhere and then verifying against this per request would work? One approach could be storing these thumprints in Memcached and querying using Lua? Or is there a more straightforward/efficient approach? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,247969,247987#msg-247987