The only way I was able to accept both certs but use the one or the
other in the vhost was to bundle the certs and distinguish by issuer dn,
see:

https://github.com/resmo/nginx-ssl_client_certificate-limit/pull/1

This works as expected, but feels kind of a hack. Any other suggestions?


On 14.01.21 21:29, Rene Moser wrote:
> Hi
>
> I have a hard time with ssl_client_certificate.
>
> I try to use vhosts with 2 separated CA in ssl_client_certificate
> configs but I was not able to do it as expected. The later
> ssl_client_certificate was not taken in effect and even more unexpected
> I was able to use the first client cert to auth in the seconds vhost.
>
> To show the limitation, I created a reproducer:
>
> https://github.com/resmo/nginx-ssl_client_certificate-limit
>
> Please tell me I did something terribly wrong.
>
> Regards
> René
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx