Hello! On Sun, Sep 01, 2013 at 11:19:06AM +0300, Aviram Cohen wrote:
> Hello! > > On Wed, Aug 28, 2013 at 3:41 AM, Maxim Dounin <[email protected]> wrote: > > Hello! > > > [...] > > > > if (conf->upstream.ssl > > && ngx_ssl_trusted_certificate(cf, conf->upstream.ssl, > > &conf->upstream.ssl_certificate > > conf->upstream.ssl_verify_depth) > > != NGX_OK) > > { > > ... > > } > > > > Additional question is what happens in a configuration like > > > > location / { > > proxy_pass https://example.com; > > proxy_ssl_verify on; > > proxy_ssl_trusted_ceritifcate example.crt; > > > > if ($foo) { > > # do nothing > > } > > } > > > > or the same with a nested location instead of "if". Quick look > > suggest it will result in trusted certs loaded twice (and stale > > alerts later due to how OpenSSL handles this). > > > > I have tried this configuration (and also a nested location), and didn't > see that Nginx loaded the same certificate twice (I've actually put > a breakpoint on the if clause in which ngx_ssl_trusted_certificate > is called, and it was called only once for the location. > > Can you specify exactly how to reproduce this case? I was probably wrong here, as the code you added is before the conf->upstream.ssl is inherited. -- Maxim Dounin http://nginx.org/en/donation.html _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
