On Thu, Aug 11, 2011 at 01:33:18AM -0400, speedfirst wrote:
Thanks. Tried but doesn't work
Could you please show some full actual config you are able to
reproduce the problem with (the one posted is obviously incorrect,
as there are no directives like "ssl_on" and "ssl_private_key")?
While the patch is required for proper per-server SNI-based client
cert verification, closer look on your original post suggests that
you shouldn't see 403 anyway. Instead, request to "bar" with
ssl_verify_client switched off in default "foo" server will result
in "400 Bad Request" error without the patch (with the patch
everything should be OK and works fine here, just tested with
0.9.3 too to make sure). Therefore I suspect there is some
another problem, probably configuration or testing one.