3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-23 03:29:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: add support for max_verify_depth

Browse source 
Add a new max_verify_depth option to the downstream_mtls settings group,
with a default value of 1 (to match the behavior of current Pomerium
releases).

Populate the corresponding setting within Envoy, and also implement a
depth check within isValidClientCertificate() in the authorize service.
This commit is contained in:
Kenneth Jenkins 2023-08-09 13:37:13 -07:00
parent 0fcc3f16de
commit e8509c50b4
9 changed files with 147 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

18
config/mtls_test.go
View file

@ -95,6 +95,24 @@ func TestDownstreamMTLSSettingsGetEnforcement(t *testing.T) {
}
}
func TestDownstreamMTLSSettingsGetMaxVerifyDepth(t *testing.T) {
t.Parallel()
// MaxVerifyDepth should default to 1 if not set explicitly.
var s DownstreamMTLSSettings
assert.Equal(t, uint32(1), s.GetMaxVerifyDepth())
var maxVerifyDepth uint32
s.MaxVerifyDepth = &maxVerifyDepth
assert.Equal(t, uint32(0), s.GetMaxVerifyDepth())
maxVerifyDepth = 1
assert.Equal(t, uint32(1), s.GetMaxVerifyDepth())
maxVerifyDepth = 1000
assert.Equal(t, uint32(1000), s.GetMaxVerifyDepth())
}
func TestDownstreamMTLSSettingsValidate(t *testing.T) {
t.Parallel()