add mTLS UserPrincipalName SAN match (#5177)

Add a new 'user_principal_name' type to the downstream mTLS
match_subject_alt_names option. This corresponds to the 'OtherName' type
with type-id 1.3.6.1.4.1.311.20.2.3 and a UTF8String value.
Add support for UserPrincipalName SAN matching to the policy evaluator.
Kenneth Jenkins 2024-07-26 10:23:19 -07:00 committed by GitHub
parent b0606d9283
commit dbedfc586f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 416 additions and 84 deletions

@ -178,6 +178,7 @@ func TestDownstreamMTLSSettingsValidate(t *testing.T) {
{Type: "email", Pattern: `.*@\.example\.com`},
{Type: "ip_address", Pattern: `192\.168\.0\..*`},
{Type: "uri", Pattern: `spiffe://example.com/department/.*`},
{Type: "user_principal_name", Pattern: `username@realm`},
},
}, ""},
}
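
Review bot: the added `user_principal_name` entry uses a purely literal pattern (`username@realm`), so this case only confirms that validation accepts the new type name; unlike the `ip_address` and `uri` entries beside it, it exercises no regex syntax. Consider a pattern with an escaped dot in the realm part, for example `.*@corp\.example\.com`, and add a case with an invalid pattern for this type if the table carries error cases elsewhere. It would also help to state next to the option whether a pattern has to match the entire UPN value, since that decides whether `username@realm` also accepts longer values that merely contain it.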