Maxim Dounin
October 13, 2017 09:22AM
Hello!

On Fri, Oct 13, 2017 at 05:23:12AM -0700, Zhihua Cao wrote:

> # HG changeset patch
> # User Zhihua Cao <czhihua@vmware.com>
> # Date 1507889088 25200
> # Fri Oct 13 03:04:48 2017 -0700
> # Node ID cef7fb3f127a2847b3898f8e71d4d445a4b81dd6
> # Parent 648b1cca8f50d83eea02a6cc2c105ae95a3f3d72
> Make ssl upstream server name check configurable
>
> Now nginx always checks if the common name in the certificate sent
> from upstream. But they are not always the same; if they are not the
> same, the ssl handshake will fail.
> Now make the check configurable, if proxy_ssl_server_name_check is off,
> turn off the check.
> The check is turned on by default.

The "proxy_ssl_name" directive can be used to adjust the name
nginx asks for (if Server Name Indication is enabled) and verifies
in the response, see http://nginx.org/r/proxy_ssl_name. If you
think it is not enough, please explain the use case you are trying
to use it for.

(Also, please avoid replying to mailing list digests. It breaks
threads and generally makes conversations very inconvenient.)

[...]

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
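
The approach described in the reply above, as an added configuration example that is not part of the original thread or of the nginx project's own material: upstream verification stays enabled and `proxy_ssl_name` supplies the name the certificate is expected to carry. The upstream address, the certificate name `backend.internal.example`, and the CA bundle path are constructed placeholders.

```nginx
# Fragment for the http {} context. All addresses, names and paths
# below are constructed placeholders.
upstream backend_tls {
    # Reached by IP address, so the connect target does not match
    # any name in the certificate the upstream presents.
    server 192.0.2.10:443;
}

server {
    listen 8080;

    location / {
        proxy_pass https://backend_tls;

        # Verify the upstream certificate chain (off by default).
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/upstream-ca.pem;

        # Name that is checked against the upstream certificate.
        # The default is $proxy_host, which here would be
        # "backend_tls" and would fail verification.
        proxy_ssl_name                backend.internal.example;

        # Also send that name in SNI (off by default), so an upstream
        # serving several certificates selects the matching one.
        proxy_ssl_server_name         on;
    }
}
```

With this in place a name mismatch is resolved by telling nginx which name to expect, while an upstream presenting a certificate for any other name, or one not chaining to the trusted CA, still fails the handshake.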