Hello! On Tue, Sep 24, 2019 at 06:35:10AM -0400, shivramg94 wrote:
> According to the documentation > (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify) > the directive "proxy_ssl_verify" is used to enable or disabled the > verification of the proxied HTTPS server certificate. But it doesn't talk > about what all different types of validations (like Host Name Verification, > Certificate Expiry etc) it does. > > Could someone list out the validations Nginx performs on the obtained server > certificate from the upstream server when the above said directive is set to > "on"? It verifies that the certificate is valid, signed by a trusted CA, and matches the host name as used in the proxy_pass directive. Much like it normally happens with any HTTPS client as per RFC 2818. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
