Re: Load SSL certificates from system's store

Michal Cichra
September 23, 2015 04:32PM
Hi Maxim,
sorry for double posting. I was talking to some developers here on nginx.conf and they suggested proposing it on the dev list.
I could not find the previous post.

Re OSX: it might not be a server platform, but a development one. Our use case is running a proxy in your production/dev that records all the traffic and can modify it (https://github.com/apitools/monitor). So the OSX use case is very strong as easy deployment to any platform that nginx works with.

Cheers
Michal Cichra

> On 23 Sep 2015, at 11:58, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> Hello!
>
> On Wed, Sep 23, 2015 at 10:58:19AM -0700, Michal Cichra wrote:
>
>> Hi there,
>>
>> There is a very basic patch to nginx (which is the same with 1.9.5) to allow loading all SSL certificates from CApath.
>>
>> When doing proxy with SSL verification, nginx needs SSL certificates to be loaded through a file.
>> That causes trouble for dynamic proxies that can proxy to any host. A workaround would be to pack all certificates from CApath and load them into nginx.
>> However, that is not very cross-platform, as on OSX it can use the keychain.
>> I understand there are some drawbacks (like memory usage), so I’d make it configurable with off by default.
>>
>> See the gist https://gist.github.com/mikz/4dae10a0ef94de7c8139
>> and discussion on openresty mailing list: https://groups.google.com/forum/#!searchin/openresty-en/ssl/openresty-en/SuqORBK9ys0/Yz0ypcRyV4UJ
>
> I don't see anything changed since my previous response to your
> proposal:
>
> http://mailman.nginx.org/pipermail/nginx/2014-September/045068.html
>
> If you want things to actually happen you may want to go ahead and
> start working on a real patch.
>
> (Just a side note: talking about OS X doesn't really make sense,
> as it's not a server platform.)
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

Subject Author Views Posted

Load SSL certificates from system's store

Michal Cichra 687 September 23, 2015 02:00PM

Re: Load SSL certificates from system's store

Maxim Dounin 283 September 23, 2015 03:00PM

Re: Load SSL certificates from system's store

Michal Cichra 302 September 23, 2015 04:32PM


