area/tlshelp wanted
Métricas do repositório
- Stars
- (27.997 stars)
- Métricas de merge de PR
- (Mesclagem média 8d) (378 fundiu PRs em 30d)
Description
From https://github.com/envoyproxy/envoy/pull/5207#issuecomment-447345279:
I think that we could simply add
verify_client_certificate: true|check|false, where:
truewould verify the client certificate and reject connection if the verification failed (what we have today),checkwould verify the client certificate, but forward it and the verification status viax-forwarded-client-certor another header (for easier matching), regardless of the verification status,falsewould forward the client certificate to the backend viax-forwarded-client-certwithout attempting to verify it (to avoid crypto operations, do access control at the backend, etc.).