OpenResty set ssl_verify_client directive via lua

[Bryan Pfremmer]

Hi,

I was looking at the ssl certificate by lua functionality, but I don't see support currently for selectively enabling client certificates.  Is this correct?  Has anyone attempted this functionality yet?  Ideally we'd basically like to combine this with SNI and by domain specify if ssl_verify_client is set to on.

[jona...@findmeon.com]

I open sourced our code for a certificate manger.  OpenResty uses SNI to serve a certificate per domain; the lookup is in nginx with failovers to redis and a python app.  This may point you in the right direction:

https://github.com/aptise/peter_sslers/blob/master/tools/nginx_lua_library/ssl_certhandler.lua