Opened 6 years ago

Closed 5 years ago

#317 closed enhancement (wontfix)

Allow ssl_verify_client and ssl_verify_depth within locations

Reported by: www.google.com/accounts/o8/id?id=AItOawkAeAGx4Dl5gGgEZZiTPL2B-E60RRKGbCU Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.3.x
Keywords: Cc:
uname -a:
nginx -V: -

Description

Allow the directives ssl_verify_client and ssl_verify_depth within location blocks, so that different approaches can be used when working with SSL client certificates.

It also would be useful to be able to use ssl_client_certificate and ssl_trusted_certificate within location blocks.

Change History (2)

comment:1 Changed 5 years ago by www.google.com/accounts/o8/id?id=AItOawm30qXFR0rA9JA2x_cVgBGX9S4IXtUioUc

Without this feature, WebSockets? are significantly less secure because it forces the client-server design to not use client verification within the TLS protocol when Secure WebSocket? traffic is run over the same port as the HTTPS traffic. Browsers, including iOS Safari 6 and 7, will fail to open a WebSocket? if ssl_verify_client is even set to "optional" much less "on".

comment:2 Changed 5 years ago by mdounin

  • Resolution set to wontfix
  • Status changed from new to closed

There are no plans to add this. Simple solution is to keep servers which require client certificates separate from ones which don't.

Note: See TracTickets for help on using tickets.