Opened 7 years ago

Closed 7 years ago

#317 closed enhancement (wontfix)

Allow ssl_verify_client and ssl_verify_depth within locations

Reported by: Sebastian Wyder Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.3.x
Keywords: Cc:
uname -a:
nginx -V: -

Description

Allow the directives ssl_verify_client and ssl_verify_depth within location blocks, so that different approaches can be used when working with SSL client certificates.

It also would be useful to be able to use ssl_client_certificate and ssl_trusted_certificate within location blocks.

Change History (2)

comment:1 by Greg Smethells, 7 years ago

Without this feature, WebSockets are significantly less secure because it forces the client-server design to not use client verification within the TLS protocol when Secure WebSocket traffic is run over the same port as the HTTPS traffic. Browsers, including iOS Safari 6 and 7, will fail to open a WebSocket if ssl_verify_client is even set to "optional" much less "on".

comment:2 by Maxim Dounin, 7 years ago

Resolution: wontfix
Status: newclosed

There are no plans to add this. Simple solution is to keep servers which require client certificates separate from ones which don't.

Note: See TracTickets for help on using tickets.