Score:0

curl request via Nginx with mTLS enabled

us flag

When Nginx is configured to verify server's TLS chain like this:

  proxy_ssl_trusted_certificate some.pem;
  proxy_ssl_verify on;
  proxy_ssl_verify_depth 3;

and testing using a curl command, will both curl and Nginx perform server TLS chain verification?

Score:0
de flag

Assuming curl makes requests through the nginx proxy (using -x/--proxy if HTTP inside TLS; --proxytunnel for other protocols) then yes, both curl and nginx are verifying the server certificate by constructing a chain from that certificate to a trusted root certificate. If you don't want curl to verify the certificate chain, you can use -k/--insecure.

EDIT: If your concern has to do with mutual TLS (i.e. curl is sending a client certificate to the server) then please edit your question to make clear your concern about mTLS. I did not consider mTLS to be relevant to the question because you asked

will both curl and Nginx perform server TLS chain verification?

(emphasis mine)

mTLS certificate validation/verification would involve the client's TLS chain.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.