policy: add new certificate-authority option for downstream mTLS client certificates (#1835)

* policy: add new certificate-authority option for downstream mTLS client certificates

* update proto, docs
Caleb Doxsey 2021-02-01 08:10:32 -07:00 committed by GitHub
parent 8e3404e7be
commit cc85ea601d
15 changed files with 490 additions and 406 deletions


@ -6,6 +6,7 @@ import (
"encoding/base64"
"errors"
"fmt"
"io/ioutil"
"net/url"
"os"
"path/filepath"
@ -634,9 +635,11 @@ func (o *Options) Validate() error {
}
if o.ClientCAFile != "" {
if _, err := os.Stat(o.ClientCAFile); err != nil {
bs, err := ioutil.ReadFile(o.ClientCAFile)
if err != nil {
return fmt.Errorf("config: bad client ca file: %w", err)
}
o.ClientCA = base64.StdEncoding.EncodeToString(bs)
}
// if no service account was defined, there should not be any policies that