mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 10:56:28 +02:00
0fcc3f16de
Update the isValidClientCertificate() method to consider any client-supplied intermediate certificates. Previously, in order to trust client certificates issued by an intermediate CA, users would need to include that intermediate CA's certificate directly in the client_ca setting. After this change, only the trusted root CA needs to be set: as long as the client can supply a set of certificates that chain back to this trusted root, the client's certificate will validate successfully. Rework the previous CRL checking logic to now consider CRLs for all issuers in the verified chains. |
||
|---|---|---|
| .. | ||
| opa | ||
| config.go | ||
| evaluator.go | ||
| evaluator_test.go | ||
| functions.go | ||
| functions_test.go | ||
| gen-test-certs.go | ||
| google_cloud_serverless.go | ||
| google_cloud_serverless_test.go | ||
| headers_evaluator.go | ||
| headers_evaluator_test.go | ||
| policy_evaluator.go | ||
| policy_evaluator_test.go | ||