Hello! On Wed, Aug 28, 2013 at 3:41 AM, Maxim Dounin <[email protected]> wrote: > Hello! > [...] > > if (conf->upstream.ssl > && ngx_ssl_trusted_certificate(cf, conf->upstream.ssl, > &conf->upstream.ssl_certificate > conf->upstream.ssl_verify_depth) > != NGX_OK) > { > ... > } > > Additional question is what happens in a configuration like > > location / { > proxy_pass https://example.com; > proxy_ssl_verify on; > proxy_ssl_trusted_ceritifcate example.crt; > > if ($foo) { > # do nothing > } > } > > or the same with a nested location instead of "if". Quick look > suggest it will result in trusted certs loaded twice (and stale > alerts later due to how OpenSSL handles this). >
I have tried this configuration (and also a nested location), and didn't see that Nginx loaded the same certificate twice (I've actually put a breakpoint on the if clause in which ngx_ssl_trusted_certificate is called, and it was called only once for the location. Can you specify exactly how to reproduce this case? Regards, Aviram _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
