On Thu, 2009-08-27 at 14:30 -0700, Florin Andrei wrote: > Timo Sirainen wrote: > > > > Hmm. Maybe the setting could have a new "with-ssl" option or something.. > > That would be awesome. If I'm not mistaken, it's a pretty common > situation to use certs on SSL but not require them on non-SSL. Kind of > makes sense to me at least.
Actually I don't really think this is useful. Even in your use case you
don't really want to require it with SSL connections, you want to
require it for connections outside from your intranet. A better way
would be to just do something like:
ssl_require_client_cert = yes
remote_ip 192.168.0.0/16 {
ssl_require_client_cert = no
}
That's almost possible in v2.0.
signature.asc
Description: This is a digitally signed message part
