Am 27.12.2011 um 13:34 schrieb Gelonida:

> I wanted to know whether I can configure nginx to verify client certificates and reject them if invalid.
>
> However I would like to exclude the expiration date from the validation step.
>
> The context is rather simple.
>
> I have some embedded devices trying to connect to a server. The client certificate for these devices expired and for a certain time I will be unable to update them.
>
> Instead of disabling client certificates I would like to 'just' ignore the expiration date.
>
> Ideally I'd like to just ignore the expiration date of a few given certificates, but in my current setup even ignoring all expiration dates would be an option.
>
> Is there any setup allowing this?
>
> Thanks in advance for any suggestion of how to achieve this.
>



I would suspect that most (all?) validation is done in the SSL-libraries.

As such, you would probably have modify the openssl-source.

I'm no programmer (sitting in a glass house here), but I'd say if you knew how to do that, you wouldn't have asked the original question anyway….

Instead of trying to find a "quick fix", I would accelerate the project to update the clients.




_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx