[mTLS] Fix acme verfication when mTLS and Client CN verification is enabled

This commit is contained in:
Marco Boss 2024-03-04 13:41:03 +01:00
parent a41f46a3c7
commit 33b18c3509
No known key found for this signature in database
GPG key ID: 8ADD63FB98A9AF21

View file

@ -985,8 +985,10 @@ stream {
{{ if not ( empty $server.CertificateAuth.MatchCN ) }}
{{ if gt (len $server.CertificateAuth.MatchCN) 0 }}
if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
return 403 "client certificate unauthorized";
location ~ ^/(?!(\.well-known/acme-challenge)) {
if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
return 403 "client certificate unauthorized";
}
}
{{ end }}
{{ end }}