Hello! On Tue, Apr 22, 2014 at 06:13:54PM +0200, Florian Le Goff wrote:
> Hi there, > > I am trying to setup a x509 client cert check with Nginx. Everything > is running smoothly until I add the ssl_crl directive. > > Unfortunately, my CA happens to release its CRLs under several > files... for historic reasons from what I heard. > > With Apache/mod_ssl; the SSLCARevocationFile directive sets a > concatenated PEM-encoded CA CRLs, even if concatenated files are not > fully compliant with the CRL logic. > > Is it something that might be setup with nginx ? The ability to setup > a list of the individual files somewhere in the nginx configuration > would be optimal. Multiple PEM-encoded CRLs concatenated into a single file should work fine. Note that both Apache/mod_ssl and nginx rely on OpenSSL to load CRL files, and handling is more or less identical. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
