Opened 10 years ago
Closed 10 years ago
#317 closed enhancement (wontfix)
Allow ssl_verify_client and ssl_verify_depth within locations
|Reported by:||Sebastian Wyder||Owned by:|
Allow the directives ssl_verify_client and ssl_verify_depth within location blocks, so that different approaches can be used when working with SSL client certificates.
It also would be useful to be able to use ssl_client_certificate and ssl_trusted_certificate within location blocks.
Change History (2)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
|Status:||new → closed|
There are no plans to add this. Simple solution is to keep servers which require client certificates separate from ones which don't.
Note: See TracTickets for help on using tickets.
Without this feature, WebSockets are significantly less secure because it forces the client-server design to not use client verification within the TLS protocol when Secure WebSocket traffic is run over the same port as the HTTPS traffic. Browsers, including iOS Safari 6 and 7, will fail to open a WebSocket if ssl_verify_client is even set to "optional" much less "on".