feat: support client certificate verification#4034
Merged
spacewander merged 3 commits intoapache:masterfrom Apr 22, 2021
Merged
feat: support client certificate verification#4034spacewander merged 3 commits intoapache:masterfrom
spacewander merged 3 commits intoapache:masterfrom
Conversation
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
membphis
approved these changes
Apr 12, 2021
tokers
reviewed
Apr 13, 2021
apisix/ssl/router/radixtree_sni.lua
Outdated
| end | ||
|
|
||
| if matched_ssl.value.client then | ||
| local client_cert = matched_ssl.value.client.ca |
Contributor
There was a problem hiding this comment.
The name client_cert is confusing, actually, it's the CA cert(s) to verify the client cert. What about ca_cert.
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
Firstsawyou
reviewed
Apr 13, 2021
Comment on lines
+787
to
+788
| | client.ca | False | Certificate| set the CA certificate which will use to verify client. This feature requires OpenResty 1.19+. | | | ||
| | client.depth | False | Certificate| set the verification depth in the client certificates chain, default to 1. This feature requires OpenResty 1.19+. | | |
Contributor
There was a problem hiding this comment.
The first letter should be capitalized. set --> Set
set the CA certificate which will use to verify client.
Member
Author
There was a problem hiding this comment.
None of the description in this table start with uppercase letter.
t/node/client-mtls.t
Outdated
Comment on lines
+208
to
+210
| local ssl_ca_cert = t.read_file("t/certs/mtls_ca.crt") | ||
| local ssl_cert = t.read_file("t/certs/mtls_client.crt") | ||
| local ssl_key = t.read_file("t/certs/mtls_client.key") |
Contributor
There was a problem hiding this comment.
These certificates were not used in this test, I think they can be removed.
tokers
approved these changes
Apr 22, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Signed-off-by: spacewander spacewanderlzx@gmail.com
What this PR does / why we need it:
Pre-submission checklist: