Strange ssl_client_certificate limitation?
Francis Daly
francis at daoine.org
Thu Jan 14 21:32:43 UTC 2021
On Thu, Jan 14, 2021 at 09:29:25PM +0100, Rene Moser wrote:
Hi there,
> To show the limitation, I created a reproducer:
>
> https://github.com/resmo/nginx-ssl_client_certificate-limit
>
> Please tell me I did something terribly wrong.
You seem to be trying to test the different server names using
curl -H "Host: foo2.example.com" --insecure https://127.0.0.1:8443/
If you add a "--verbose", you may see the certificate that the server is
presenting, which may hint at which server{} you are actually accessing.
You probably will want to use curl's "--resolve" command to get curl to
use SNI the way that you want. Something like
curl --resolve foo2.example.com:8443:127.0.0.1 --insecure https://foo2.example.com:8443/
may make a better test.
Good luck with it,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list