Re: [PATCH] relayd client certificate validation again

2021-12-20 Thread Markus Läll
Hi, we've got the patch ready for client certificate validation, cc'ing related people. The patch adds two features: 1. client certificate validation itself 2. passing on certificate and select fields in HTTP headers ## Brief description of client certificates (for whoever else is reading) Clie

Re: [PATCH] relayd client certificate validation again

2021-12-16 Thread Brian Brombacher
Hi, sorry for being a moron. I realize it’s already optional by not specifying client ca… sorry about the noise! > On Dec 16, 2021, at 9:35 PM, Brian Brombacher wrote: > > Hi, not to interrupt development … > > Can you make this completely optional from the servers perspective? I don’t >

Re: [PATCH] relayd client certificate validation again

2021-12-16 Thread Brian Brombacher
Hi, not to interrupt development … Can you make this completely optional from the servers perspective? I don’t want my endpoints validating anonymous client certificates when I run a public endpoint. I’ll just hack it out otherwise, but I think this opens a vector that should be completely op

[PATCH] relayd client certificate validation again

2021-12-16 Thread rivo nurges
Hi! Here comes the support for relayd client certificate validation. Full certificate chain, subject and issuer can be passed over in http headers. It supports mandatory validation and optional validation(if client chooses to provide certificate it will be validated). Part of my sample config.