Re: nginx-0.5.24 - Igor Sysoev - ru.sysoev.nginx

3 messages in ru.sysoev.nginxRe: nginx-0.5.24

From	Sent On	Attachments
Igor Sysoev	Jun 5, 2007 11:08 pm
Dustin Kanske	Jun 6, 2007 1:12 pm
Igor Sysoev	Jun 6, 2007 1:29 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: nginx-0.5.24	Actions...
From:	Igor Sysoev (is-G...@public.gmane.org)
Date:	Jun 6, 2007 1:29:35 pm
List:	ru.sysoev.nginx

On Wed, Jun 06, 2007 at 10:12:58AM -1000, Dustin Kanske wrote:

Hi Igor,

On Jun 5, 2007, at 8:08 PM, Igor Sysoev wrote:

Changes with nginx 0.5.24 06 Jun 2007

*) Security: the "ssl_verify_client" directive did not work if request was made using HTTP/0.9.

Is it the case that nginx would allow a client request to be allowed without verifying the client? Or would the request always fail?

It allows request without asking a client ceritficate.

However, HTTP/0.9 mode is limited: you can do GET only and you can not pass and get any headers including cookies. Also as there is no client certificate so there is no any client information such as client DN, etc.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: