area/tlshelp wanted
Repository metrics
- Stars
- (27,997 stars)
- PR merge metrics
- (Avg merge 8d) (378 merged PRs in 30d)
Description
From https://github.com/envoyproxy/envoy/pull/5207#issuecomment-447345279:
I think that we could simply add
verify_client_certificate: true|check|false, where:
truewould verify the client certificate and reject connection if the verification failed (what we have today),checkwould verify the client certificate, but forward it and the verification status viax-forwarded-client-certor another header (for easier matching), regardless of the verification status,falsewould forward the client certificate to the backend viax-forwarded-client-certwithout attempting to verify it (to avoid crypto operations, do access control at the backend, etc.).