Hello!
On Tue, Oct 25, 2016 at 07:20:00PM -0400, WGH wrote:
> When nginx requests a client certificate with ssl_verify_client option,
> and client complies, the latter sends its certificate in plain text.
>
> Although it's just a public part of the certificate, one can consider it
> a kind of in
> Am 26.10.2016 um 01:20 schrieb WGH :
>
> When nginx requests a client certificate with ssl_verify_client option,
> and client complies, the latter sends its certificate in plain text.
>
> Although it's just a public part of the certificate, one can consider it
> a kind of information disclosur
When nginx requests a client certificate with ssl_verify_client option,
and client complies, the latter sends its certificate in plain text.
Although it's just a public part of the certificate, one can consider it
a kind of information disclosure, since user name, email, organization,
etc. is tran
