istio-ecosystem / authservice

Move OIDC token acquisition out of your app code and into the Istio mesh
Apache License 2.0

Enable TLS peer verification and add CA root certificates to Docker images #55

Closed sburton84 closed 4 years ago

sburton84 commented 4 years ago

Enables TLS peer verification for connections to upstream IDP services, to ensure the connections are secure. Also adds the standard ca_certificates package to the Docker images, which is required for verification of the certificate chains.

nickrmc83 commented 4 years ago

/lgtm

nickrmc83 commented 4 years ago

@cfryanr do you want to wait for #54 before merging this?

istio-testing commented 4 years ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: nickrmc83, sburton84

To complete the pull request process, please assign liminw

You can assign the PR to them by writing `/assign @liminw` in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/istio-ecosystem/authservice/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

cfryanr commented 4 years ago

> @cfryanr do you want to wait for #54 before merging this?

We’ve been testing against an IDP which has TLS certs signed by a trusted CA, so I don’t think it will affect us to merge this before #54 is implemented.
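
The two halves of this change, peer verification in the client and CA roots in the image, as an added Python example (not code from this PR or from the authservice project). It audits a client TLS configuration in its "before" and "after" state and flags a container whose trust store is empty; the function names and the paths passed in are assumptions for illustration.

```python
import os
import ssl


def audit_client_context(ctx):
    """Return the reasons this client context would not authenticate its peer."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings


def trust_roots_present(cafile, capath):
    """True if a non-empty CA bundle file or a non-empty CA directory exists."""
    if cafile and os.path.isfile(cafile) and os.path.getsize(cafile) > 0:
        return True
    return bool(capath and os.path.isdir(capath) and os.listdir(capath))


def preflight(ctx, cafile, capath):
    """Audit the context, then check that verification has roots to verify against."""
    findings = audit_client_context(ctx)
    if ctx.verify_mode == ssl.CERT_REQUIRED and not trust_roots_present(cafile, capath):
        findings.append("verification on but no CA roots: every handshake will fail")
    return findings


def insecure_context():
    # 'Before' state: traffic is encrypted, but any certificate is accepted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context():
    # 'After' state: PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED plus hostname check.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


if __name__ == "__main__":
    # Run inside the image: reports where the TLS library looks for roots.
    paths = ssl.get_default_verify_paths()
    print("trust store:", paths.cafile or paths.capath)
    print("findings:", preflight(verifying_context(), paths.cafile, paths.capath))
```

Run inside the built image, an empty findings list means verification is on and the system trust store is populated.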