Note two server name share the same IP. If I set both server config's
client certification verify on, it works well. That is, access
https://foo:3443/certauth and https://bar:3443/certauth are both OK with
correct certificates (the first cert is signed by nginx.foo.ca.crt and
the second is signed by nginx.bar.ca.crt).
However, if I set the first server block's "ssl_verify_client" to "off"
and remove the location block for "= /certauth", both server will return
the 403 error. In other words, the disabling of client cert verify in
"foo" also makes client cert verify in "bar" server disabled.
If I assign a new IP 10.117.0.151 to server "bar" and try with foo's
client cert verify "off" and bar's "on", it works as expected -- foo
always return the 403 error and bar can correctly return the normal
I've checked and confirm my nginx' SNI is enabled and my openssl is
1.0.0c, my nginx's version is 0.9.3.
Is this expected, a bug, or I did something wrong in the config?