#499 closed defect (invalid)
WebSocket will not connect from iOS Safari if ssl_verify_client is set to "optional"
Reported by: | Greg Smethells | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-core | Version: | 1.4.x |
Keywords: | | Cc: | |
uname -a: | Linux gsmethells 2.6.32-279.el6.x86_64 #1 SMP Thu Jun 21 07:08:44 CDT 2012 x86_64 x86_64 x86_64 GNU/Linux | | |
nginx -V: | nginx version: nginx/1.4.1 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --with-debug --with-http_ssl_module | | |
Description
The latest iOS Safari fails to connect a WebSocket if ssl_verify_client is set to "optional". No attempt is made to provide a client cert from the client; however, given that the client cert is "optional", it should still connect, to my understanding.
Change History (4)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
Instead a client cert will only be used when servers interact with other servers in the distributed system via RPC on the same port used by the web app itself. This port co-use allows fewer firewall and infrastructure changes thus smoothing the adoption of the web app.
comment:3 by , 11 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
This doesn't look like an nginx problem, try reporting it to Apple instead. There is a chance that #472 is related, try looking if the workaround suggested works for you.
Our constraints are also that setting up client certificates on an iPad is too large and painful of a problem for our users to perform en masse during deployment of our web app. In fact, using a web app is supposed to improve the ease of deployment, hence a client cert will never be assumed in the design for those designing web apps with thousands of users in many geographic locations.
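
The shared-port design described in this ticket, as an added example configuration (not taken from the ticket or from the nginx project): with `ssl_verify_client optional` nginx completes the handshake for clients that send no certificate, so the RPC location has to check `$ssl_client_verify` itself. The server name, locations, file paths and upstream addresses are assumptions.

```nginx
# Added example; server name, paths and upstream addresses are assumptions.
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate         /etc/nginx/tls/server.crt;
    ssl_certificate_key     /etc/nginx/tls/server.key;

    # CA that issues the certificates peer servers present for RPC.
    ssl_client_certificate  /etc/nginx/tls/rpc-ca.crt;

    # Request a client certificate but do not require one, so browsers
    # without a certificate can still complete the TLS handshake.
    ssl_verify_client       optional;

    # Browser traffic, including the WebSocket upgrade: no certificate needed.
    location /ws/ {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Server-to-server RPC on the same port: "optional" enforces nothing
    # by itself, so reject any request without a verified certificate.
    # $ssl_client_verify is NONE when no certificate was sent.
    location /rpc/ {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        proxy_pass http://127.0.0.1:9090;
    }
}
```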