Re: Problem of configuring client cert verification - Maxim Dounin - ru.sysoev.nginx

4 messages in ru.sysoev.nginxRe: Problem of configuring client cer...

From	Sent On	Attachments
speedfirst	Aug 9, 2011 11:25 pm
Maxim Dounin	Aug 10, 2011 2:35 am
speedfirst	Aug 10, 2011 10:32 pm
Maxim Dounin	Aug 11, 2011 6:17 am

Subject:	Re: Problem of configuring client cert verification
From:	Maxim Dounin (mdou...@mdounin.ru)
Date:	Aug 11, 2011 6:17:43 am
List:	ru.sysoev.nginx

Hello!

On Thu, Aug 11, 2011 at 01:33:18AM -0400, speedfirst wrote:

Thanks. Tried but doesn't work

Could you please show some full actual config you are able to reproduce the problem with (the one posted is obviously incorrect, as there are no directives like "ssl_on" and "ssl_private_key")?

While the patch is required for proper per-server SNI-based client cert verification, closer look on your original post suggests that you shouldn't see 403 anyway. Instead, request to "bar" with ssl_verify_client switched off in default "foo" server will result in "400 Bad Request" error without the patch (with the patch everything should be OK and works fine here, just tested with 0.9.3 too to make sure). Therefore I suspect there is some another problem, probably configuration or testing one.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets