Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls_disable_client_certs missing from listener tcp stanza #4

Closed
manderson-it opened this issue Dec 11, 2020 · 0 comments
Closed

tls_disable_client_certs missing from listener tcp stanza #4

manderson-it opened this issue Dec 11, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@manderson-it
Copy link
Collaborator

Suggest to add conditional on new Boolean var (maybe vault_tls_disable_client_certs) for tls_disable_client_certs.
Currently not present at all, which makes Vault request client certificates from everyone. This is likely in most use-cases not required and can be problematic for LB health checks against Vault when the LB doesn't send Vault a proper cert.

tls_disable_client_certs = "false"
manderson-it pushed a commit that referenced this issue Dec 14, 2020
fixes #3 and #4
79fd2d8
@manderson-it manderson-it mentioned this issue Dec 14, 2020
Merged
@manderson-it manderson-it added the enhancement New feature or request label Dec 14, 2020
jacobmammoliti pushed a commit that referenced this issue Dec 14, 2020
Merge pull request #5 from arctiqjacob/marek-tls-and-systemd
1afedc3 
fixes #3 and #4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manderson-it @jacobmammoliti