-
-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement same client cert check feature #42
Conversation
@@ -63,3 +63,7 @@ Session.vim | |||
*~ | |||
# Auto-generated tag files | |||
tags | |||
|
|||
#IntelliJ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there is already existing IJ section at line 10. Merge your entries with it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch ! Indeed this can be merged
@@ -133,6 +133,7 @@ See: | |||
--tls-client-key-password string Password to decrypt rsa private key | |||
--tls-enable Whether or not to use TLS when connecting to the broker | |||
--tls-insecure-skip-verify It controls whether a client verifies the server's certificate chain and host name | |||
--same-client-cert-enable Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate matches brokers client cert (tls-client-cert-file) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should the flag start with "--tls"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- please change "matches" to "exactly matches" to avoid ambiguity.
- reorder sentences:
Controls whether a proxy validates if proxy client certificate exactly matches brokers client cert (tls-client-cert-file). Use only when mutual TLS is enabled on proxy and broker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can do that, no problem
@mantkiewicz - thanks for comments, let's wait for @everesio review and then I will apply necessary changes in one go |
thank you for the PR. |
Implement same client cert check functionality as discussed in #37
Major changes: