Hey, > Just drop the backwards-compatibility and require OpenSSL 1.0.2 or > later for that feature, just like a particular version of OpenSSL is > needed for TLS-SNI.
I kind of agree with that. While OpenSSL-1.0.2 is still unreleased, it seems that all options for existing releases are a bit hacky, to say at least... The trusted certificate store sounds like the only way to do it right now, but it effectively makes SSL client verification useless and creates a security issue. What do you think, Maxim? Best regards, Piotr Sikora _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
