Re: Using default CA path from openssl

2014-09-11 Thread Maxim Dounin
Hello!

On Thu, Sep 11, 2014 at 12:56:29AM +0200, Michal Cichra wrote:

> Hi,
>
> first I would like to thank you for the proxy ssl verification that landed in nginx 1.7.
>
> Regarding that, there is one slight problem I’ve found, when creating a proxy, that dynamically accesses different hosts

Re: Using default CA path from openssl

2014-09-11 Thread Michal Cichra
Yes, the s_client and s_server core is …

There are even bugs filed: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/396818

But this is different. The SSL_CTX_set_default_verify_paths does not have a bug, but the usage of it is wrong.

Cheers.

On 11 Sep 2014, at 05:14, Philipp wrote:

Re: Using default CA path from openssl

2014-09-10 Thread Philipp
On 11.09.2014 00:56, Michal Cichra wrote:

> What I propose is a configuration flag, to set `SSL_CTX_set_default_verify_paths`.

Careful what you wish for.. I didn't check the surrounding code, but above call and CAfile/CApath sets (if cmd-line or via API won't matter) has "funny" error condition

Using default CA path from openssl

2014-09-10 Thread Michal Cichra
Hi,

first I would like to thank you for the proxy ssl verification that landed in nginx 1.7.

Regarding that, there is one slight problem I’ve found, when creating a proxy, that dynamically accesses different hosts. The configuration is limited to setting a certificate and does not use CA path at a