Access SSL only with key p12 $ssl_client_verify not works

I’m trying to make access SSL only with key p12
you don’t have key = access denied

Restarting nginx: nginx: [emerg] unknown directive
“if($ssl_client_verify”
in /etc/nginx/sites-enabled/default:144
nginx: configuration file /etc/nginx/nginx.conf test failed

what I’m doing wrong ?

server {
listen 80; ## listen for ipv4; this line is default and
implied

    root /home/xxx/public_html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name xxx.com www.xxx.com;

    set $cache_uri $request_uri;

    # Make sure files with the following extensions do not get 

loaded by
nginx because nginx would display the source code, and these files can
contain PASSWORDS!
location ~*
.(engine|inc|info|install|make|module|profile|test|po|sh|.sql|theme|tpl(.php)?|xtmpl)$|^(..|Entries.*|Repository|Root|Tag|Template)$|.php_
{
return 444;
}
#passwd
location /wp-admin/ {
auth_basic “Admin area password”;
auth_basic_user_file /etc/nginx/htpasswd;
}
location /wp-login.php {
auth_basic “Admin area password”;
auth_basic_user_file /etc/nginx/htpasswd;
}

#nocgi
location ~* .(pl|cgi|py|sh|lua)$ {
return 444;
}

location ~ /(.|wp-config.php|readme.html|license.txt) { deny all; }

location ~* /(?:|uploads|files)/.(.|php|js|html|tpl|sh)$ {
deny all;
location ~ ^/wp-content/cache/minify/[^/]+/(.
)$ {
try_files $uri
/wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}
location / {
try_files
/wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri
$uri/
/index.php?$args ;
}

POST requests and urls with a query string should always go to PHP

    if ($request_method = POST) {
            set $cache_uri 'null cache';
    }
    if ($query_string != "") {
            set $cache_uri 'null cache';
    }

Don’t cache uris containing the following segments

    if ($request_uri ~*

“(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(index)?.xml|[a-z0-9-]±sitemap([0-9]+)?.xml)”)
{
set $cache_uri ‘null cache’;
}

Don’t use the cache for logged in users or recent commenters

    if ($http_cookie ~*

“comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in”) {
set $cache_uri ‘null cache’;
}
rewrite ^(.)?/?files/(.) /wp-content/blogs.php?file=$2;
if (!-e $request_filename) {
rewrite ^([_0-9a-zA-Z-]+)?(/wp-.) $2 break;
rewrite ^([_0-9a-zA-Z-]+)?(/.
.php)$ $2 last;
rewrite ^ /index.php last;
}
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$
/index.php?sitemap=$1&sitemap_n=$2
last;

    location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in 

php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
include fastcgi_params;
}
}

server {
listen 443 ;
ssl on;
server_name xxx.com www.xxx.com;
root /home/xxx/public_html;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_client_certificate /etc/nginx/certs/ca.crt;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_verify_client on;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 5m;

ssl_verify_depth 1;

#location ~* {
if($ssl_client_verify != SUCCESS) ## NOT WORKS
{ return 403;
}
#}
location / {
fastcgi_split_path_info ^(.+.php)(/.+)$;

    fastcgi_pass unix:/var/run/php5-fpm.sock;
   #fastcgi_param  SCRIPT_FILENAME 

/home/xxx/public_html/wp-login.php;
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include fastcgi_params;
}

}

sorry for my english.

Posted at Nginx Forum:

You should place a whitespace between if and opening bracket
-if($ssl_client_verify
+if ($ssl_client_verify

br,
Dmitry Pryadko

thanks. it works.
but not return 403;

https:// works

I want this :

https:// must return 403

p12 + https:// return 200 OK

Posted at Nginx Forum: