Welcome! Log In Create A New Profile

Advanced

does proxy_ssl_verify verify server name?

Previous Message Next Message
Forum List Message List New Topic Print View
Richard Kearsley
February 10, 2016 11:26AM
Hello
I'm trying to enable this option on a proxy_pass location:

proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 9

/etc/ssl/certs/ca-certificates.crt is compiled by update-ca-certificates
(http://manpages.ubuntu.com/manpages/trusty/man8/update-ca-certificates.8.html)

My understanding is that this option will prevent, for example,
self-signed certificates or certificates where the server name requested
is different than in the certificate, is that correct?

I have tried it and while it works for self-signed (returns 502) it
still lets a non matching server name through the proxy (properly signed
certificate, but wrong name)

Thanks
Richard

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

does proxy_ssl_verify verify server name?

Richard Kearsley February 10, 2016 11:26AM

Re: does proxy_ssl_verify verify server name?

Maxim Dounin February 10, 2016 12:28PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 196
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready