SSL client certificate


SSL client certificate

S.A.N
Hi.
I have own cloud server with SSL client cert verification, ssl_verify_client
set to on. How can I disable verification for location /index.php/s/ share
links?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273239,273239#msg-273239

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: SSL client certificate

Alex Samad
Hi

If you are asking whether some part of the tree can have no SSL client verification, then no.


Once you turn on client verification it's on for / and down; no way to turn it off for https://a.b.c.d/Not/here if it's on.

Shame, I would like to see this feature, but not possible with current code base, I understand.

Alex


On 28 March 2017 at 07:28, piroaa <[hidden email]> wrote:
Hi.
I have own cloud server with SSL client cert verification, ssl_verify_client
set to on. How can I disable verification for location /index.php/s/ share
links?


Re: SSL client certificate

Jim Ohlstein
In reply to this post by S.A.N
Hello,

On 3/27/17 4:28 PM, piroaa wrote:
> Hi.
> I have own cloud server with SSL client cert verification, ssl_verify_client
> set to on. How can I disable verification for location /index.php/s/ share
> links?
>

Try setting ssl_verify_client to optional and use the built-in variable
"ssl_client_verify".

Something like this (not tested):

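server {

        ...

        ssl_client_certificate /path/to/client.crt;
        # "optional" requests a client certificate but does not require one
        ssl_verify_client optional;

        ## Unprotected part of site
        location ^~ /path/to/shared/links {
                ...
        }

        ## Protected part of site
        location ~ /main/site {

                # Reject requests without a successfully verified client certificate
                if ($ssl_client_verify != SUCCESS) {
                   return 403;
                }

                ...
        }
}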

--
Jim Ohlstein


"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
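
A default-deny variant of the approach in the reply above, as an added example that is not part of the original thread or anyone's posted config: the certificate check is made once at server level, and only the /index.php/s/ prefix from the question is exempted, so a location added later is protected unless it is listed. The hostname, file paths and document root are placeholders, and PHP handling is left out.

```nginx
# Added example. Both map blocks belong in the http {} context.

# 1 = a verified client certificate is required for this URI.
# $uri is the normalized path, so /index.php/s/../../x is matched as /x.
map $uri $cert_required {
    default              1;
    ~^/index\.php/s/     0;   # public share links (prefix taken from the question)
}

# Combine the requirement with the TLS verification result.
# With "ssl_verify_client optional", $ssl_client_verify is SUCCESS,
# NONE (no certificate sent) or FAILED:<reason>.
map "$cert_required:$ssl_client_verify" $deny_request {
    default        1;   # NONE, FAILED:<reason> or anything unexpected
    "1:SUCCESS"    0;   # protected path, certificate verified
    ~^0:           0;   # exempt path, certificate state not checked
}

server {
    listen 443 ssl;
    server_name cloud.example.com;                         # placeholder

    ssl_certificate         /path/to/server.crt;           # placeholder
    ssl_certificate_key     /path/to/server.key;           # placeholder
    ssl_client_certificate  /path/to/client-ca.crt;        # placeholder
    ssl_verify_client       optional;

    # Evaluated before any location is chosen, so every location inherits it.
    if ($deny_request) {
        return 403;
    }

    location / {
        root /var/www/cloud;                               # placeholder
    }
}
```

Static assets that a share page loads from other paths are still covered by the check and would need their own entries in the first map.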