commit c846871ce106e0fbe4c27a48a4c3378f18cd03f8
author Maxim Dounin <mdounin@mdounin.ru> Wed Oct 03 15:24:08 2012 +0000
committer Maxim Dounin <mdounin@mdounin.ru> Wed Oct 03 15:24:08 2012 +0000
tree 671f9b27b80721d8e194e6450776cb54297a0f6b
parent f8cc8969d52211530c0eba3d28e0cb03d4f958b3

SSL: the "ssl_verify_client" directive parameter "optional_no_ca".

This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.

Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).

Patch by Mike Kazantsev, Eric O'Connor.