Hi Maxim, sorry for double posting. I was talking to some developers here on nginx.conf and they suggested proposing it on dev list. I could not find the previous post.
Re OSX: it might not be server platform, but development one. Our use case is running a proxy in your production/dev that records all the traffic and can modify it (https://github.com/apitools/monitor). So the OSX use case is very strong as easy deployment to any platform that nginx works with. Cheers Michal Cichra > On 23 Sep 2015, at 11:58, Maxim Dounin <mdou...@mdounin.ru> wrote: > > Hello! > > On Wed, Sep 23, 2015 at 10:58:19AM -0700, Michal Cichra wrote: > >> Hi there, >> >> There is very basic patch to nginx (which is the same with 1.9.5) to allow >> loading all SSL certificates from CApath. >> >> When doing proxy with ssl verification, nginx needs ssl certificates to be >> loaded through file. >> That causes trouble for dynamic proxies, that can proxy to any host. >> Workaround would be pack all certificates from CApath and load them to nginx. >> However, that is not very cross platform as on OSX it can use keychain. >> I understand there are some drawbacks (like memory usage), so I’d make it >> configurable with off by default. >> >> See the gist https://gist.github.com/mikz/4dae10a0ef94de7c8139 >> and discussion on openresty mailing list: >> https://groups.google.com/forum/#!searchin/openresty-en/ssl/openresty-en/SuqORBK9ys0/Yz0ypcRyV4UJ > > I don't see anything changed since my previous response to your > proposal: > > http://mailman.nginx.org/pipermail/nginx/2014-September/045068.html > > If you want things to actually happen you may want to go ahead and > start working on a real patch. > > (Just a side note: talking about OS X doesn't really make sense, > as it's not a server platform.) > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
