fix: do not require a TLS client cert when InsecureSkipVerify is false by kevinpollet · Pull Request #8525 · traefik/traefik

kevinpollet · 2021-10-18T15:53:54Z

What does this PR do?

This PR fixes the behaviour of the CreateTLSConfig method which requires a TLS client cert when the InsecureSkipVerify option is set to false.

The InsecureSkipVerify option is only used to disable the verification of the server certificate and is not related to TLS client authentication.

Motivation

Related to #5604

More

Added/updated tests
Added/updated documentation

Additional Notes

Co-authored-by: Tom Moulard tom.moulard@traefik.io

rtribotte

Thanks 👍

tomMoulard

LGTM 👌

kevinpollet added status/2-needs-review kind/bug/fix a bug fix area/middleware area/provider area/tls labels Oct 18, 2021

kevinpollet added this to the 2.5 milestone Oct 18, 2021

traefiker added area/authentication area/provider/k8s/crd area/provider/k8s size/L labels Oct 18, 2021

kevinpollet mentioned this pull request Oct 18, 2021

ForwardAuth TLS set caOptional=true still ask for client cert and client key #5604

Closed

2 tasks

kevinpollet force-pushed the fix-client-tls-cert branch 2 times, most recently from f6fd18d to 1419fdd Compare October 19, 2021 08:24

kevinpollet removed area/provider/k8s/crd area/provider/k8s area/authentication labels Oct 19, 2021

kevinpollet force-pushed the fix-client-tls-cert branch 2 times, most recently from 9803583 to d377366 Compare October 21, 2021 09:29

rtribotte approved these changes Oct 21, 2021

View reviewed changes

mpl approved these changes Oct 25, 2021

View reviewed changes

tomMoulard approved these changes Oct 26, 2021

View reviewed changes

tomMoulard added status/3-needs-merge and removed status/2-needs-review labels Oct 26, 2021

traefiker added bot/merge-retry-1 status/4-merge-in-progress and removed bot/merge-retry-1 labels Oct 26, 2021

kevinpollet and others added 4 commits October 26, 2021 08:34

refactor: fix typo in TLSCLientCertificateDNInfo struct name

fa0c651

refactor: use ClientTLS type in middlewares config

b0817ae

fix: do not require a TLS cert when InsecureSkipVerify is false

a0ad03d

fmt

cf86fb1

kevinpollet added 3 commits October 26, 2021 08:34

review

bcb1607

review

ced87f1

review: add more context to error

537cf99

traefiker force-pushed the fix-client-tls-cert branch from d5fd18c to 537cf99 Compare October 26, 2021 08:34

traefiker removed the status/4-merge-in-progress label Oct 26, 2021

traefiker merged commit d3ff0c2 into traefik:v2.5 Oct 26, 2021

traefiker removed the status/3-needs-merge label Oct 26, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: do not require a TLS client cert when InsecureSkipVerify is false#8525

fix: do not require a TLS client cert when InsecureSkipVerify is false#8525
traefiker merged 7 commits intotraefik:v2.5from
kevinpollet:fix-client-tls-cert

kevinpollet commented Oct 18, 2021

Uh oh!

rtribotte left a comment

Uh oh!

tomMoulard left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Uh oh!

Conversation

kevinpollet commented Oct 18, 2021

What does this PR do?

Motivation

More

Additional Notes

Uh oh!

rtribotte left a comment

Choose a reason for hiding this comment

Uh oh!

tomMoulard left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants