From: Eero Aaltonen <eero.aalto...@vaisala.com>

I was looking for an option to configure the trusted CAs using a directory, equivalent to the OpenSSL -CApath option. The option seemed to be missing, so here's a minimal working example of what I would like to accomplish.

The current version is still missing code to populate the list used for SSL_CTX_set_client_CA_list, but enough to actually verify a certificate chain using CAs in the 'ssl_client_ca_dir' specified directory.

Comments appreciated.

--
Eero

Eero Aaltonen (1):
  WIP: SSL: add ssl_client_ca_dir option for trusted CAs

 src/event/ngx_event_openssl.c            | 24 +++++++++++++++++-------
 src/event/ngx_event_openssl.h            |  2 +-
 src/http/modules/ngx_http_grpc_module.c  |  1 +
 src/http/modules/ngx_http_proxy_module.c |  1 +
 src/http/modules/ngx_http_ssl_module.c   | 15 +++++++++++++--
 src/http/modules/ngx_http_ssl_module.h   |  1 +
 src/http/modules/ngx_http_uwsgi_module.c |  1 +
 src/mail/ngx_mail_ssl_module.c           |  5 +++--
 src/stream/ngx_stream_proxy_module.c     |  1 +
 src/stream/ngx_stream_ssl_module.c       |  5 +++--
 src/stream/ngx_stream_ssl_module.h       |  1 +
 11 files changed, 43 insertions(+), 14 deletions(-)

--
2.25.1

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel