Open jeremyjpj0916 opened 4 years ago
Oh, looks like there is a pending PR here: https://github.com/openresty/lua-nginx-module/pull/997, but it's been ongoing since 2017 and has not gotten much love lately </3.
Hello,
any news on this topic?
Does mTLS have any feature that is lacking in OpenSSL?
@zhuizhuhaomeng @EnricoMazzu In Kong we have been using:
https://github.com/openresty/lua-nginx-module/pull/1602 https://github.com/openresty/lua-resty-core/pull/278
within our OpenResty build for more than a year in order to have cosocket mTLS support. You can give it a try by patching the changes onto the OpenResty source and building it yourself.
https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake
Refers to enabling the TCP client to validate or ignore TLS validation with a truststore via: https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth
Is there any roadmap or potential to also support enabling the client to pass its public certificate to support mutual authentication?