Closed siepkes closed 1 week ago
As discussed the PR was modified to work without a flag.
Currently it still allows someone who is using mTLS to override the HTTP upgrade prefix with the --http-upgrade-path-prefix flag. I was a bit on the fence about this one. It might be easier to just always set prefix of the CN when mTLS is used. It's a trade-off between functionality and simplicity. I'm deferring to you on that one, since it's your project. Let me know if you want it changed!
This looks good to me :) I think it is better to allow the user to override the path prefix if needed, as I was afraid some would end up being blocked if they need to change it.
Adds the --http-upgrade-path-use-cert-cn flag. This causes the wstunnel client to use the common name (CN) of the client's certificate for the upgrade path. This does not support changing the CN when reloading the certificate. However, changing the CN of a client's certificate is uncommon when "renewing" (i.e. issuing a new certificate with an extended expiry date) the certificate of a client, which is the primary use case for the live reload of certificates.