area/tlshelp wanted
仓库指标
- Star
- (27,997 star)
- PR 合并指标
- (平均合并 8天) (30 天内合并 378 个 PR)
描述
From https://github.com/envoyproxy/envoy/pull/5207#issuecomment-447345279:
I think that we could simply add
verify_client_certificate: true|check|false, where:
truewould verify the client certificate and reject connection if the verification failed (what we have today),checkwould verify the client certificate, but forward it and the verification status viax-forwarded-client-certor another header (for easier matching), regardless of the verification status,falsewould forward the client certificate to the backend viax-forwarded-client-certwithout attempting to verify it (to avoid crypto operations, do access control at the backend, etc.).