Skip to content

Commit 4f70a63

Browse files
authored
Merge pull request #2636 from SchoNie/CRL-expired-fix
ci: fix expired CRL files used in testing
2 parents 8f0c7ec + 76fc9bb commit 4f70a63

File tree

4 files changed

+24
-21
lines changed

4 files changed

+24
-21
lines changed

docs/README.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -403,6 +403,9 @@ If you want to use a global CRL file you have to copy your CRL file named as `ca
403403
> [!NOTE]
404404
> Use Per-VIRTUAL_HOST CRL if you configured the [Per-VIRTUAL_HOST CA](#per-virtual_host-ca) or Global CRL if you configured the [Global CA](#global-ca)
405405

406+
> [!IMPORTANT]
407+
> Make sure you rotate the CRL before it's expiration date, even if nothing has changed. An expired CRL will make Nginx unable to validate the certificates that were issued.
408+
406409
### optional ssl_verify_client
407410
Optional [`ssl_verify_client`](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client) can be activated by using the `com.github.nginx-proxy.nginx-proxy.ssl_verify_client: "optional"` label on a proxied container. If this label is set on a proxied container access is not blocked but the result of the mTLS verify is stored in the [$ssl_client_verify](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_client_verify) variable which you can use this in the [Per-VIRTUAL_HOST location](https://github.com/nginx-proxy/nginx-proxy/tree/main/docs#per-virtual_host-location-configuration) and [Per-VIRTUAL_PATH location](https://github.com/nginx-proxy/nginx-proxy/tree/main/docs#per-virtual_path-location-configuration) configurations.
408411

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
-----BEGIN X509 CRL-----
22
MIICADCB6QIBATANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZuZ2lueC1wcm94
3-
eS10ZXN0LXN1aXRlFw0yNTAxMDMxMjMwNTBaFw0yNTA3MDIxMjMwNTBaMDIwMAIR
3+
eS10ZXN0LXN1aXRlFw0yNTA3MDkxMDEyNDFaFw0zNTA3MDcxMDEyNDFaMDIwMAIR
44
AK8a1AmezG56vTp5WqtpnScXDTI1MDEwMzEyMzAwN1owDDAKBgNVHRUEAwoBBaBg
55
MF4wXAYDVR0jBFUwU4AU9X5P1mF9ZBIYOSikqH40bUmpgRahJaQjMCExHzAdBgNV
66
BAMMFm5naW54LXByb3h5LXRlc3Qtc3VpdGWCFDb0isAkQpzgE7F2pbikhN0SOn8t
7-
MA0GCSqGSIb3DQEBCwUAA4IBAQCGaKW8kJy1Mznc3T2OHkCx8GudvOo0ZBsZ+pTm
8-
sAnlxDQTIqm8e4gU19WF/SISlfr7qEERqif8+SlUgS9CWtJa70gk+9oobuWfBNIT
9-
VXD4ujO/47nqt2MdRUSSGX+K+9Ox2gyU6kHO1ZrT8VmsL22Bhfa2Pw/3OBL/QHMU
10-
b1hAZyed0CoPCnMqjG0X5zMo3ByGW3TkxG2GhzKCWLGXVbzdHFpS98hpkpaxvIlE
11-
juSYuPItwEftHdB8JHAHL18uDJapZ5mOCuUn/HoZBWOudFjtFQUUzq4eTsB56My4
12-
qDGb1/ReAoGyheuV0fEtg9MJkGEuGrb38JN6hcdfpW5u0Hwb
7+
MA0GCSqGSIb3DQEBCwUAA4IBAQAji33L7enDzhw8qNYLtMxrJuuLAMJeRDO4qYeI
8+
pIJu38K+9RTKG2U/BPPKmdtos/M1NEVJrLqZ/eKHoEU/+u0f1pod3Vh2tAlyB+qp
9+
aGwsg5o07hdB85VDAJ7zwPLFjHtChhhVTS5qOqidaSdVBE0/IFifWBEyHyC7yJDl
10+
dlNY7jmarlmFnpDWmXqAdgMqNlS/t9KN8RtCjiHlF8lF+qjimCWAcfecMmdbAUFC
11+
RFHmo6ENxmcDXQDRVqKAXMzmk/YAe0SCqdT0EsWSvUmRBKdtXSBHAQRz8hl2xI2Z
12+
6CtJXYw6Oy4eA+Ge2JMSRUuEKYwpVSLGdxCoHAkZkz+2rU2X
1313
-----END X509 CRL-----

test/test_ssl/certs_mtls/ca.crl.pem

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
-----BEGIN X509 CRL-----
22
MIICADCB6QIBATANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZuZ2lueC1wcm94
3-
eS10ZXN0LXN1aXRlFw0yNTAxMDMxMjMwNTBaFw0yNTA3MDIxMjMwNTBaMDIwMAIR
3+
eS10ZXN0LXN1aXRlFw0yNTA3MDkxMDEyNDFaFw0zNTA3MDcxMDEyNDFaMDIwMAIR
44
AK8a1AmezG56vTp5WqtpnScXDTI1MDEwMzEyMzAwN1owDDAKBgNVHRUEAwoBBaBg
55
MF4wXAYDVR0jBFUwU4AU9X5P1mF9ZBIYOSikqH40bUmpgRahJaQjMCExHzAdBgNV
66
BAMMFm5naW54LXByb3h5LXRlc3Qtc3VpdGWCFDb0isAkQpzgE7F2pbikhN0SOn8t
7-
MA0GCSqGSIb3DQEBCwUAA4IBAQCGaKW8kJy1Mznc3T2OHkCx8GudvOo0ZBsZ+pTm
8-
sAnlxDQTIqm8e4gU19WF/SISlfr7qEERqif8+SlUgS9CWtJa70gk+9oobuWfBNIT
9-
VXD4ujO/47nqt2MdRUSSGX+K+9Ox2gyU6kHO1ZrT8VmsL22Bhfa2Pw/3OBL/QHMU
10-
b1hAZyed0CoPCnMqjG0X5zMo3ByGW3TkxG2GhzKCWLGXVbzdHFpS98hpkpaxvIlE
11-
juSYuPItwEftHdB8JHAHL18uDJapZ5mOCuUn/HoZBWOudFjtFQUUzq4eTsB56My4
12-
qDGb1/ReAoGyheuV0fEtg9MJkGEuGrb38JN6hcdfpW5u0Hwb
7+
MA0GCSqGSIb3DQEBCwUAA4IBAQAji33L7enDzhw8qNYLtMxrJuuLAMJeRDO4qYeI
8+
pIJu38K+9RTKG2U/BPPKmdtos/M1NEVJrLqZ/eKHoEU/+u0f1pod3Vh2tAlyB+qp
9+
aGwsg5o07hdB85VDAJ7zwPLFjHtChhhVTS5qOqidaSdVBE0/IFifWBEyHyC7yJDl
10+
dlNY7jmarlmFnpDWmXqAdgMqNlS/t9KN8RtCjiHlF8lF+qjimCWAcfecMmdbAUFC
11+
RFHmo6ENxmcDXQDRVqKAXMzmk/YAe0SCqdT0EsWSvUmRBKdtXSBHAQRz8hl2xI2Z
12+
6CtJXYw6Oy4eA+Ge2JMSRUuEKYwpVSLGdxCoHAkZkz+2rU2X
1313
-----END X509 CRL-----
Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
-----BEGIN X509 CRL-----
22
MIICADCB6QIBATANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZuZ2lueC1wcm94
3-
eS10ZXN0LXN1aXRlFw0yNTAxMDMxMjMwNTBaFw0yNTA3MDIxMjMwNTBaMDIwMAIR
3+
eS10ZXN0LXN1aXRlFw0yNTA3MDkxMDEyNDFaFw0zNTA3MDcxMDEyNDFaMDIwMAIR
44
AK8a1AmezG56vTp5WqtpnScXDTI1MDEwMzEyMzAwN1owDDAKBgNVHRUEAwoBBaBg
55
MF4wXAYDVR0jBFUwU4AU9X5P1mF9ZBIYOSikqH40bUmpgRahJaQjMCExHzAdBgNV
66
BAMMFm5naW54LXByb3h5LXRlc3Qtc3VpdGWCFDb0isAkQpzgE7F2pbikhN0SOn8t
7-
MA0GCSqGSIb3DQEBCwUAA4IBAQCGaKW8kJy1Mznc3T2OHkCx8GudvOo0ZBsZ+pTm
8-
sAnlxDQTIqm8e4gU19WF/SISlfr7qEERqif8+SlUgS9CWtJa70gk+9oobuWfBNIT
9-
VXD4ujO/47nqt2MdRUSSGX+K+9Ox2gyU6kHO1ZrT8VmsL22Bhfa2Pw/3OBL/QHMU
10-
b1hAZyed0CoPCnMqjG0X5zMo3ByGW3TkxG2GhzKCWLGXVbzdHFpS98hpkpaxvIlE
11-
juSYuPItwEftHdB8JHAHL18uDJapZ5mOCuUn/HoZBWOudFjtFQUUzq4eTsB56My4
12-
qDGb1/ReAoGyheuV0fEtg9MJkGEuGrb38JN6hcdfpW5u0Hwb
7+
MA0GCSqGSIb3DQEBCwUAA4IBAQAji33L7enDzhw8qNYLtMxrJuuLAMJeRDO4qYeI
8+
pIJu38K+9RTKG2U/BPPKmdtos/M1NEVJrLqZ/eKHoEU/+u0f1pod3Vh2tAlyB+qp
9+
aGwsg5o07hdB85VDAJ7zwPLFjHtChhhVTS5qOqidaSdVBE0/IFifWBEyHyC7yJDl
10+
dlNY7jmarlmFnpDWmXqAdgMqNlS/t9KN8RtCjiHlF8lF+qjimCWAcfecMmdbAUFC
11+
RFHmo6ENxmcDXQDRVqKAXMzmk/YAe0SCqdT0EsWSvUmRBKdtXSBHAQRz8hl2xI2Z
12+
6CtJXYw6Oy4eA+Ge2JMSRUuEKYwpVSLGdxCoHAkZkz+2rU2X
1313
-----END X509 CRL-----

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy