Opened 12 years ago
Closed 11 years ago
#317 closed enhancement (wontfix)
Allow ssl_verify_client and ssl_verify_depth within locations
| Reported by: | Sebastian Wyder | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.3.x |
| Keywords: | Cc: | ||
| uname -a: | |||
| nginx -V: | - | ||
Description
Allow the directives ssl_verify_client and ssl_verify_depth within location blocks, so that different approaches can be used when working with SSL client certificates.
It also would be useful to be able to use ssl_client_certificate and ssl_trusted_certificate within location blocks.
Change History (2)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
There are no plans to add this. Simple solution is to keep servers which require client certificates separate from ones which don't.
Note:
See TracTickets
for help on using tickets.
Without this feature, WebSockets are significantly less secure because it forces the client-server design to not use client verification within the TLS protocol when Secure WebSocket traffic is run over the same port as the HTTPS traffic. Browsers, including iOS Safari 6 and 7, will fail to open a WebSocket if ssl_verify_client is even set to "optional" much less "on".