Welcome! Log In Create A New Profile

Advanced

Re: Strange ssl_client_certificate limitation?

Francis Daly
January 14, 2021 04:34PM
On Thu, Jan 14, 2021 at 09:29:25PM +0100, Rene Moser wrote:

Hi there,

> To show the limitation, I created a reproducer:
>
> https://github.com/resmo/nginx-ssl_client_certificate-limit
>
> Please tell me I did something terribly wrong.

You seem to be trying to test the different server names using

curl -H "Host: foo2.example.com" --insecure https://127.0.0.1:8443/

If you add a "--verbose", you may see the certificate that the server is
presenting, which may hint at which server{} you are actually accessing.

You probably will want to use curl's "--resolve" command to get curl to
use SNI the way that you want. Something like

curl --resolve foo2.example.com:8443:127.0.0.1 --insecure https://foo2.example.com:8443/

may make a better test.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Strange ssl_client_certificate limitation?

Rene Moser January 14, 2021 03:30PM

Re: Strange ssl_client_certificate limitation?

Francis Daly January 14, 2021 04:34PM

Re: Strange ssl_client_certificate limitation?

Rene Moser January 14, 2021 05:12PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 324
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready