Hi,
I have my nginx configured with client_certificate authentication:
ssl_client_certificate /etc/nginx/ssl/cas.pem;
ssl_verify_client optional;
ssl_verify_depth 2;
And is working fine, but I need to NOT send the CAs to the client during the handshake.
I've seen http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate in the documentation. So, I've changed it to:
ssl_trusted_certificate /etc/nginx/ssl/cas.pem;
ssl_verify_depth 2;
But now ssl_client_verify is always to NONE, and actually I saw in wireshark that the client is not sending the certificate.
What am I doing wrong?
Regards.