Hi Maxim,
I, naively maybe, thought the following would work. At an incoming request,
nginx checks whether the session is new or resumed.
* new: it retrieves the chain, calls X509_chain_up_ref and stores a mapping
from session ID to the chain pointer
* resumed: it retrieves the session ID, looks
Hello!
On Mon, Jul 06, 2020 at 03:55:05PM -0400, everhardt wrote:
> Thanks for your reply, Maxim! I'll work out an alternative then.
>
> Re. session resumption, I read in the OpenSSL docs
> (https://www.openssl.org/docs/man1.1.0/man3/SSL_get0_verified_chain.html)
> that OpenSSL is willing to st
Thanks for your reply, Maxim! I'll work out an alternative then.
Re. session resumption, I read in the OpenSSL docs
(https://www.openssl.org/docs/man1.1.0/man3/SSL_get0_verified_chain.html)
that OpenSSL is willing to store the chain longer than a single request, but
only if the implementing appli
Hello!
On Sat, Jul 04, 2020 at 05:52:09AM -0400, everhardt wrote:
> I have the following certificate chain: Root certificate > Intermediate
> certificate > End user certificate.
>
> I've set up nginx as an SSL termination proxy for a backend service that
> differentiates it actions based on the
I have the following certificate chain: Root certificate > Intermediate
certificate > End user certificate.
I've set up nginx as an SSL termination proxy for a backend service that
differentiates it actions based on the serial of the intermediate
certificate and the subject of the end user certif