Support for client certificate fingerprint whitelist #62
Commits on Aug 20, 2021
-
Remove client_ca_file from tests
client_ca_file is used to validate client certificate. However, in tests, client never present any. Signed-off-by: WGH <wgh@torlan.ru>
-
Add proper tests for TLS client certificates
Add tests cases when the client actually sends a certificate, and check how the server responds to it. The client certificates were generated with this command: openssl req -x509 -newkey ec:<(openssl ecparam -name secp384r1) -keyout client2_selfsigned.key -out client2_selfsigned.pem -nodes -subj '/CN=test2' -days 36500 -addext "extendedKeyUsage = clientAuth" Signed-off-by: WGH <wgh@torlan.ru> -
WIP: Add support for certificate fingerprint whitelist
This is useful for simple setups that don't require full-blown CAs for mutual authentication. Signed-off-by: WGH <wgh@torlan.ru>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.