curl request via Nginx with mTLS enabled

user3621726

9/25/23, 12:27 AM

When Nginx is configured to verify server's TLS chain like this:

  proxy_ssl_trusted_certificate some.pem;
  proxy_ssl_verify on;
  proxy_ssl_verify_depth 3;

and testing using a curl command, will both curl and Nginx perform server TLS chain verification?

0 + 0

ssl

nginx

curl

Score:0

Server

Binky

9/29/23, 8:31 PM

Assuming curl makes requests through the nginx proxy (using -x/--proxy if HTTP inside TLS; --proxytunnel for other protocols) then yes, both curl and nginx are verifying the server certificate by constructing a chain from that certificate to a trusted root certificate. If you don't want curl to verify the certificate chain, you can use -k/--insecure.

EDIT: If your concern has to do with mutual TLS (i.e. curl is sending a client certificate to the server) then please edit your question to make clear your concern about mTLS. I did not consider mTLS to be relevant to the question because you asked

will both curl and Nginx perform server TLS chain verification?

(emphasis mine)

mTLS certificate validation/verification would involve the client's TLS chain.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: curl request via Nginx with mTLS enabled

TH: คำขอ curl ผ่าน Nginx โดยเปิดใช้งาน mTLS

RO: cerere curl prin Nginx cu mTLS activat

RU: запрос curl через Nginx с включенным mTLS

VI: yêu cầu cuộn tròn qua Nginx khi bật mTLS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.