Denhac / denhac-webhooks

This repo holds some of our membership automation stuff. It listens to webhooks from the main WordPress site.

Slack mutual tls #8

Closed Jnesselr closed 3 years ago

Jnesselr commented 3 years ago

For authorization of outgoing requests from Slack, Slack supports a signature based on a shared signature as well as mutual TLS. The signature validates that you know the shared secret and sent the message within a certain time frame. The issue comes in that the shared secret might be known by other members who have access to the Slack app. Mutual TLS corrects this problem by verifying that the request does come from a Slack server.

This diff (along with an nginx config change) implements mutual TLS. It verifies that the certificate is valid and that it applies to the correct domain. Nginx handles verifying that the certificate is signed by the correct CA.
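
The application-side half of the split described above (nginx verifies the CA chain, the application checks the name), as an added example that is not code from this pull request or from the denhac-webhooks repository. It assumes nginx forwards `$ssl_client_verify` and `$ssl_client_s_dn` in two request headers whose names are hypothetical, and that the expected certificate name is the one in `EXPECTED_CN`; the sample inputs are constructed.

```python
# Assumption: nginx overwrites these request headers with $ssl_client_verify
# and $ssl_client_s_dn on every request; the header names are hypothetical.
VERIFY_HEADER = "X-Client-Verify"
SUBJECT_HEADER = "X-Client-Subject-DN"
# Assumption: subject name of Slack's client certificate; confirm in Slack's docs.
EXPECTED_CN = "platform-tls-client.slack.com"


def split_dn(dn):
    """Split an RFC 2253 style DN on unescaped commas, resolving backslash escapes."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def common_names(dn):
    """Return the value of every CN attribute in the DN."""
    pairs = (rdn.partition("=") for rdn in split_dn(dn))
    return [value.strip() for key, sep, value in pairs
            if sep and key.strip().upper() == "CN"]


def is_slack_client(headers):
    """True only when nginx verified the chain and the single CN matches exactly."""
    if headers.get(VERIFY_HEADER) != "SUCCESS":
        return False  # "NONE", "FAILED:<reason>", or header absent
    cns = common_names(headers.get(SUBJECT_HEADER, ""))
    return len(cns) == 1 and cns[0].lower() == EXPECTED_CN


# Constructed sample header sets (not captured traffic).
GOOD = {VERIFY_HEADER: "SUCCESS", SUBJECT_HEADER:
        "CN=platform-tls-client.slack.com,O=Slack Technologies\\, Inc.,C=US"}
LOOKALIKE = {VERIFY_HEADER: "SUCCESS", SUBJECT_HEADER:
             "CN=platform-tls-client.slack.com.example.net,O=Other,C=US"}
NAME_IN_ORG = {VERIFY_HEADER: "SUCCESS", SUBJECT_HEADER:
               "CN=other.example.net,O=platform-tls-client.slack.com,C=US"}
UNVERIFIED = {VERIFY_HEADER: "NONE", SUBJECT_HEADER: GOOD[SUBJECT_HEADER]}
```

The check is only as trustworthy as the headers: nginx has to set both on every request so that a value supplied by the caller never reaches the application, and the name is compared as a parsed CN rather than as a substring of the subject.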