We would like to be able to configure the mutual TLS client authentication by:
- adding intermediate CA certificates
- without adding the root CA certificate for each intermediate certificate
 
If we add a CA as a trusted issuer, we shouldn't need to add its issuer to
the truststore (ssl_client_certificate).
 
I propose a backward-compatible solution: add a new configuration
option, ssl_verify_partial_chain, that can be turned on if the behaviour
described above is desired. This option enables the OpenSSL library's
partial_chain verification.
 
 
Kind Regards
Vedran Vidovic
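
Added example, not part of the original message and not nginx code: the same partial_chain verification, exercised through the `-partial_chain` option of `openssl verify`. It shows that an intermediate works as the only trust anchor when the flag is set, and that a client certificate from a sibling intermediate under the same root is still rejected. Assumes an OpenSSL 1.1.0 or later command-line tool; the PKI, names and files are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: root -> interA -> clientA, and root -> interB -> clientB.
# Every name and file here is made up for the example.

issue() {  # issue DIR NAME ISSUER EXT_SECTION  (ISSUER = NAME means self-signed)
    d=$1 name=$2 ca=$3 ext=$4
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=Demo $name" -keyout "$d/$name.key" -out "$d/$name.csr" \
        2>/dev/null || return 1
    if [ "$name" = "$ca" ]; then signer="-signkey $d/$name.key"
    else signer="-CA $d/$ca.pem -CAkey $d/$ca.key -CAcreateserial"; fi
    openssl x509 -req -in "$d/$name.csr" $signer -days 1 -extfile "$d/demo.cnf" \
        -extensions "$ext" -out "$d/$name.pem" 2>/dev/null
}

build_pki() {  # build_pki DIR
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    issue "$1" root root v3_ca && issue "$1" interA root v3_ca &&
    issue "$1" interB root v3_ca && issue "$1" clientA interA v3_client &&
    issue "$1" clientB interB v3_client
}

# verify_with_anchor DIR ANCHOR LEAF [FLAG]
# Exit 0 only if LEAF verifies as a TLS client cert with ANCHOR as the sole
# trusted certificate. The root is deliberately never passed to openssl.
verify_with_anchor() {
    openssl verify $4 -purpose sslclient -trusted "$1/$2.pem" "$1/$3.pem" \
        >/dev/null 2>&1
}

tmp=$(mktemp -d) && build_pki "$tmp" || exit 1
for c in "interA clientA" "interA clientA -partial_chain" \
         "interA clientB -partial_chain"; do
    if verify_with_anchor "$tmp" $c; then echo "accepted: $c"
    else echo "rejected: $c"; fi
done
rm -rf "$tmp"
```

With partial_chain enabled, validation stops at the trusted intermediate, so the root certificate is not part of the path that gets checked.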

 



_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org