27 Aug
2009
27 Aug
'09
11:36 p.m.
On Thu, 2009-08-27 at 14:30 -0700, Florin Andrei wrote:
Timo Sirainen wrote:
Hmm. Maybe the setting could have a new "with-ssl" option or something..
That would be awesome. If I'm not mistaken, it's a pretty common situation to use certs on SSL but not require them on non-SSL. Kind of makes sense to me at least.
Actually I don't really think this is useful. Even in your use case you don't really want to require it with SSL connections, you want to require it for connections outside from your intranet. A better way would be to just do something like:
ssl_require_client_cert = yes remote_ip 192.168.0.0/16 { ssl_require_client_cert = no }
That's almost possible in v2.0.