grpc_ssl_verify_depth

The `grpc_ssl_verify_depth` directive sets the maximum verification depth for SSL certificate chains in gRPC communications.

Syntax: grpc_ssl_verify_depth number;
Default: none
Context: http, server, location
Arguments: 1

Description

The `grpc_ssl_verify_depth` directive specifies the maximum number of intermediate certificates that may be present in the certificate chain NGINX verifies when it proxies gRPC requests to an upstream over SSL. It bounds the certificate validation process, so that a chain that loops or runs too deep is rejected rather than followed. Combined with certificate verification itself, this helps administrators ensure that NGINX, acting as the TLS client, connects only to the intended servers while keeping a balance between security and operational performance.

The directive takes an integer value that defines the maximum depth allowed during SSL certificate verification. For instance, if it is set to 3, the certificate chain can contain up to three intermediate certificates before the trust anchor is reached. This is useful where certificates are issued through several layers of CAs and chains longer than the expected structure should not be accepted. If the chain depth exceeds this limit, verification fails and NGINX fails the connection, which enforces the security policy without placing an excessive burden on the verification process.

This directive can be specified in the http, server, and location contexts, allowing fine-grained control depending on the scope of the configuration. It is essential to tailor this value to the known certificate structure in use on the server side and the client side.

Config Example

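http {
    server {
        location / {
            # grpcs:// makes NGINX use TLS to the upstream; with grpc://
            # the grpc_ssl_* directives below have no effect.
            grpc_pass grpcs://backend;
            grpc_ssl_verify on;
            # CA bundle used as the trust anchor (placeholder path).
            grpc_ssl_trusted_certificate /path/to/ca.pem;
            # Allow up to three intermediate certificates in the chain.
            grpc_ssl_verify_depth 3;
        }
    }
}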

Ensure the value is set appropriately based on the certificate depth to avoid unwanted connection failures.

Remember to pair `grpc_ssl_verify_depth` with `grpc_ssl_verify on;` for effective certificate validation: the depth limit is only applied when verification is enabled.

Set a higher depth only when necessary to prevent potential performance issues.
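The per-context scoping described above, as an added example that is not part of the original page: a strict depth is set once at the http level and raised only in the one location whose upstream presents a longer chain. The upstream names, hostnames, ports, gRPC service paths and file paths are assumptions chosen for illustration.

```nginx
# Added example. All names, hosts and paths below are assumed placeholders.
events {}

http {
    # Baseline for every gRPC upstream: verify the server certificate and
    # accept at most one intermediate CA between the leaf and the trust anchor.
    grpc_ssl_verify              on;
    grpc_ssl_verify_depth        1;
    grpc_ssl_trusted_certificate /etc/nginx/tls/internal-root.pem;

    upstream billing { server billing.internal.example:8443; }
    upstream partner { server grpc.partner.example:443; }

    server {
        # gRPC clients speak HTTP/2 (newer releases use "http2 on;" instead).
        listen 8080 http2;

        # Inherits depth 1 from http. Assumed chain: root -> issuing CA -> leaf.
        location /billing.Invoices/ {
            grpc_pass     grpcs://billing;
            # Without this, the name checked against the certificate would be
            # the upstream group name "billing", not the real host name.
            grpc_ssl_name billing.internal.example;
        }

        # Assumed chain: root -> policy CA -> issuing CA -> leaf, i.e. two
        # intermediates. Only this location raises the limit, and it trusts
        # a separate root so the wider depth applies to that PKI alone.
        location /partner.Quotes/ {
            grpc_pass                    grpcs://partner;
            grpc_ssl_name                grpc.partner.example;
            grpc_ssl_server_name         on;   # send SNI to the upstream
            grpc_ssl_trusted_certificate /etc/nginx/tls/partner-root.pem;
            grpc_ssl_verify_depth        2;
        }
    }
}
```

If the partner later inserts a third intermediate, verification in that location fails until the depth is deliberately raised, which makes the chain change visible to the operator.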
