Opened 12 years ago
Closed 11 years ago
#317 closed enhancement (wontfix)
Allow ssl_verify_client and ssl_verify_depth within locations
Reported by: | Sebastian Wyder | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | 1.3.x |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: | - |
Description
Allow the directives ssl_verify_client and ssl_verify_depth within location blocks, so that different approaches can be used when working with SSL client certificates.
It also would be useful to be able to use ssl_client_certificate and ssl_trusted_certificate within location blocks.
Change History (2)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
There are no plans to add this. Simple solution is to keep servers which require client certificates separate from ones which don't.
Note:
See TracTickets
for help on using tickets.
Without this feature, WebSockets are significantly less secure because it forces the client-server design to not use client verification within the TLS protocol when Secure WebSocket traffic is run over the same port as the HTTPS traffic. Browsers, including iOS Safari 6 and 7, will fail to open a WebSocket if ssl_verify_client is even set to "optional" much less "on".