Welcome! Log In Create A New Profile

Advanced

Re: SSL client verification context

Matthias-Christian Ott
February 10, 2011 11:04AM
On Thu, Feb 10, 2011 at 06:56:50PM +0300, Igor Sysoev wrote:
> On Thu, Feb 10, 2011 at 04:36:03PM +0100, Matthias-Christian Ott wrote:
> > On Thu, Feb 10, 2011 at 06:24:31PM +0300, Igor Sysoev wrote:
> > > On Feb 10, 2011, at 18:04 , Matthias-Christian Ott wrote:
> > > >
> > > > What I mean was the following
> > > >
> > > > server {
> > > > location /a {
> > > > ssl_client_certificate a/ca.pem;
> > > > ssl_crl a/a.crl;
> > > > }
> > > >
> > > > location /b {
> > > > ssl_client_certificate b/ca.pem;
> > > > ssl_crl a/a.crl;
> > > > }
> > > > }
> > > >
> > > > As far as I can tell from the documentation, both Apache and lighttpd
> > > > seems to support this.
> > >
> > > It requires SSL re-handshake and nginx currently does not support it.
> >
> > I'm not familiar with SSL, but from what I read in overviews, the client
> > presents the client certificate to the server, so the server could check
> > the certificate against multiple CAs without a re-handshake, right?
>
> A client can present a certificate only at SSL handshake phase.
> If on the first handshake the server did not ask the certificate,
> it must do re-handshake.

Can't the client itself present to the server, so that the server
doesn't have to ask?

Regards,
Matthias-Christian

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

SSL client verification context

Matthias-Christian Ott 7925 February 10, 2011 02:38AM

Re: SSL client verification context

Igor Sysoev 4664 February 10, 2011 08:22AM

Re: SSL client verification context

Matthias-Christian Ott 2757 February 10, 2011 10:06AM

Re: SSL client verification context

Igor Sysoev 4190 February 10, 2011 10:26AM

Re: SSL client verification context

Matthias-Christian Ott 2680 February 10, 2011 10:38AM

Re: SSL client verification context

Igor Sysoev 2796 February 10, 2011 10:58AM

Re: SSL client verification context

Matthias-Christian Ott 2527 February 10, 2011 11:04AM

Re: SSL client verification context

Igor Sysoev 4123 February 10, 2011 11:10AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 144
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready