]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f8cc896) | patch
SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
authorMaxim Dounin <mdounin@mdounin.ru>
Wed, 3 Oct 2012 15:24:08 +0000 (15:24 +0000)
committerMaxim Dounin <mdounin@mdounin.ru>
Wed, 3 Oct 2012 15:24:08 +0000 (15:24 +0000)
commitc846871ce106e0fbe4c27a48a4c3378f18cd03f8
tree671f9b27b80721d8e194e6450776cb54297a0f6btree | snapshot
parentf8cc8969d52211530c0eba3d28e0cb03d4f958b3commit | diff
SSL: the "ssl_verify_client" directive parameter "optional_no_ca".

This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.

Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).

Patch by Mike Kazantsev, Eric O'Connor.
src/event/ngx_event_openssl.h diff | blob | history
src/http/modules/ngx_http_ssl_module.c diff | blob | history
src/http/ngx_http_request.c diff | blob | history
nginx upstream