Hello!

On Wed, Apr 03, 2013 at 09:30:40AM -0400, Sekhar wrote:

> Hi Maxim,
>
> Thanks for replying to the post. Below is my concern.
>
> Multiple certificates can have the same DN and the DN name match will happen
> after the SSL handshake is complete using the root CA. It means the SSL
> layer is complete and we are doing authorization not authentication.

The CA is supposed to ensure that DN claimed in a certificate is
correct, that's the whole point of PKI. If you want to do
authentication yourself without trusting the root CA used to issue
certificates, you may do so in a similar manner by checking the
whole certificate as available via $ssl_client_raw_cert variable.

-- 
Maxim Dounin
http://nginx.org/en/donation.html
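The whole-certificate check suggested in the reply above, sketched as an added example (not code from the thread or from nginx): it assumes the application receives the PEM text of `$ssl_client_raw_cert` from nginx by some means, and pins on a SHA-256 digest of the certificate's DER bytes. The function names, the allowlist and the sample "certificates" are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_fingerprint(pem: str) -> str:
    """Hex SHA-256 of the DER bytes of the first certificate in `pem`."""
    match = _PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Strip all whitespace so line wrapping and header folding do not matter.
    b64 = "".join(match.group(1).split())
    der = base64.b64decode(b64, validate=True)  # bad base64 raises ValueError
    if not der:
        raise ValueError("empty certificate body")
    return hashlib.sha256(der).hexdigest()


def is_pinned(pem: str, allowed: frozenset) -> bool:
    """True only if this exact certificate (not merely its DN) is allowed."""
    try:
        fingerprint = cert_fingerprint(pem)
    except ValueError:
        return False  # fail closed on anything unparseable
    return any(hmac.compare_digest(fingerprint, pin) for pin in allowed)


def to_pem(der: bytes) -> str:
    """Helper for the constructed samples below: wrap bytes as PEM."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed stand-ins, not real X.509: two "certificates" that claim the
# same DN but differ in their bytes, as two certs with different keys would.
CERT_A = to_pem(b"constructed cert; subject=CN=client1; key=A;" * 4)
CERT_B = to_pem(b"constructed cert; subject=CN=client1; key=B;" * 4)
ALLOWED = frozenset({cert_fingerprint(CERT_A)})

if __name__ == "__main__":
    print("A pinned:", is_pinned(CERT_A, ALLOWED))
    print("B pinned:", is_pinned(CERT_B, ALLOWED))
```

Because the digest covers the entire certificate, a second certificate carrying the same DN does not match the pin.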
