Providing Trusted Leaf Certificates to the Leaf Certificate Verifier #6046
Comments
@mohammed90 I can take a look at this, unless you want to leave it for someone doing their first contribution.
Go for it!
Cool. I have a couple of questions though to make sure I understand this right.
Per the code here: caddy/modules/caddytls/connpolicy.go Lines 561 to 567 in 4181c79
It'll return an error in the last line
Start by figuring out the JSON first, not the Caddyfile. Consider that the source of the certificates can be from various sources, so it should be pluggable.
The leaf-certificate verifier in client authentication does not have a way to provide the trusted leaf certificate material without relying on the deprecated field trusted_leaf_certs, which was not meant to be the proxy forever and only left around as a bridge for existing users and not to be used after the introduction of the feature in #4389. At the moment, there's no way to configure the "verifier": "leaf" directly with new behavior only.
We should provide a way to provide the trusted certificates to the tls.client_auth.leaf module.
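To illustrate the request in this thread, here is an added sketch (not Caddy's code and not from any participant) of a leaf-certificate verifier fed by pluggable sources. `LeafCertLoader`, `NewLeafVerifier` and `selfSigned` are hypothetical names, and the sample certificates are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// LeafCertLoader is a hypothetical pluggable source (inline, file, store) of trusted leaves.
type LeafCertLoader func() ([]*x509.Certificate, error)

// NewLeafVerifier merges all sources into a tls.Config.VerifyPeerCertificate callback.
func NewLeafVerifier(loaders ...LeafCertLoader) (func([][]byte, [][]*x509.Certificate) error, error) {
	trusted := map[string]bool{} // keyed by the exact DER encoding of each trusted leaf
	for _, load := range loaders {
		certs, err := load()
		if err != nil {
			return nil, err
		}
		for _, c := range certs {
			trusted[string(c.Raw)] = true
		}
	}
	if len(trusted) == 0 {
		return nil, fmt.Errorf("no trusted leaf certificates loaded") // fail closed
	}
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 || !trusted[string(rawCerts[0])] {
			return fmt.Errorf("client leaf certificate is not in the trusted set")
		}
		return nil
	}, nil
}

// selfSigned builds a constructed sample certificate (DER) for the demo.
func selfSigned(serial int64) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), DNSNames: []string{"client.example"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return der
}

func main() {
	pinned, other := selfSigned(1), selfSigned(2)
	verify, _ := NewLeafVerifier(func() ([]*x509.Certificate, error) { return x509.ParseCertificates(pinned) })
	fmt.Println(verify([][]byte{pinned}, nil), verify([][]byte{other}, nil))
}
```

Refusing to build a verifier from an empty trust set keeps a misconfigured or unreachable source from turning into a policy that either rejects every client silently or, worse, is skipped.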