Hey Maxim,

> No, you are incorrect here.  "In connection with" means that
> SSL_get_peer_certificate() should be used, but doesn't require it
> to be used always, in all cases.  In particular,
> SSL_get_peer_certificate() is useless when SSL_get_verify_result()
> returns anything but X509_V_OK.

Sigh, why do you insist on checking the status of verification of a client
certificate that wasn't sent in the first place?

> Because ngx_ssl_verify_host() is expected to be a generic
> function, and it can be used in situations different from talking
> to upstream servers.

Like what, exactly?

Also, for the record, are you fine with "client" in
ngx_ssl_verify_client() or is that also expected to be a generic
function?

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
