Hi there,

There is very basic patch to nginx (which is the same with 1.9.5) to allow loading all SSL certificates from CApath.

When doing proxy with ssl verification, nginx needs ssl certificates to be loaded through file.
That causes trouble for dynamic proxies, that can proxy to any host. Workaround would be pack all certificates from CApath and load them to nginx.
However, that is not very cross platform as on OSX it can use keychain.
I understand there are some drawbacks (like memory usage), so I’d make it configurable with off by default.

See the gist https://gist.github.com/mikz/4dae10a0ef94de7c8139
and discussion on openresty mailing list: https://groups.google.com/forum/#!searchin/openresty-en/ssl/openresty-en/SuqORBK9ys0/Yz0ypcRyV4UJ

Thanks for feedback
Michal Cichra
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel