Hi Maxim, Just did that and work fine for me! The warning "chain contains anchor" is gone from qualys ssl test page, while OCSP stapling is on, as well as ssl_stapling_verify.
Side note: after applying this patch, I realized my config was actually wrong: the ssl_certificate file was indeed lacking my ssl cert provider intermediate cert and the trust chain verification started to fail. Previously, this error was masked by openssl auto building the trust chain using alphaSSL intermediate found in ssl_trsuted_certificate. Also, I applied the patch to nginx 1.6.2, which I'm using. Assuming this needs more testing, hope it can make it into an upcoming release. Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256613,256996#msg-256996 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
