Welcome! Log In Create A New Profile

Re: [PATCH] SSL: fix order of checks during SSL certificate verification

Forum List Message List New Topic Print View

Piotr Sikora

September 03, 2016 06:28PM

Hey Maxim,

> No, your are incorrect here. "In connection with" means that
> SSL_get_peer_certificate() should be used, but doesn't require it
> to be used always, in all cases. In particular,
> SSL_get_peer_certificate() is useless when SSL_get_verify_result()
> returns anything but X509_V_OK.

Sigh, why do you insist on checking status of verification of client
certificate that wasn't sent in the first place?

> Because ngx_ssl_verify_host() is expected to be a generic
> function, and it can be used in situations different from talking
> to upstream servers.

Like what, exactly?

Also, for the record, are you fine with "client" in
ngx_ssl_verify_client() or is that also expected to be generic
function?

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] SSL: fix order of checks during SSL certificate verification	Piotr Sikora	968	August 02, 2016 06:26PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Maxim Dounin	343	August 03, 2016 11:56PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Piotr Sikora	240	August 09, 2016 03:52PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Maxim Dounin	305	August 17, 2016 08:38PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Piotr Sikora	237	August 18, 2016 10:48PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Maxim Dounin	249	August 21, 2016 10:04AM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Piotr Sikora	200	August 31, 2016 06:26PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Maxim Dounin	215	September 01, 2016 11:28AM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Piotr Sikora	216	September 01, 2016 05:18PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Maxim Dounin	230	September 02, 2016 08:50AM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Piotr Sikora	338	September 02, 2016 07:20PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Maxim Dounin	175	September 03, 2016 11:30AM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Piotr Sikora	232	September 03, 2016 06:28PM
Re: [PATCH] SSL: fix order of checks during SSL certificate verification	Maxim Dounin	359	September 05, 2016 10:18AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 172

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018