Clarify cert verification for External Service TLS

[slonka]

Description

We should backfill https://github.com/slonka/external-service-with-own-cert (that I created to try to reproduce an issue reported on slack) as an E2E test in Kuma.

[jakubdyszkiewicz]

Triage: Is it not covered by It("should route to external-service over tls", ?

[slonka]

I think curl will use Common Name if SAN DNS is not available and we will reject that, so maybe we don't need to backfill an e2e test but update the docs.

[jakubdyszkiewicz]

Triage: clarify in docs that we Kuma only uses SAN to verify certs and curl fallbacks to CN

[github-actions[bot]]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions[bot]]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions[bot]]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions[bot]]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions[bot]]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions[bot]]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.