pomerium/authorize/evaluator
Kenneth Jenkins 5568606f03
config: support client certificate SAN match (#4453)
Add a new match_subject_alt_names option to the downstream_mtls settings
group. This setting can be used to further constrain the allowed client
certificates by requiring that certificates contain a Subject
Alternative Name of a particular type, matching a particular regex.

When set, populate the corresponding match_typed_subject_alt_names
setting within Envoy, and also implement a corresponding check in the
authorize service.
2023-08-11 13:27:12 -07:00
| Name | Last commit | Date |
| --- | --- | --- |
| opa | authorize: client cert fingerprint in set_request_headers (#4447) | 2023-08-09 08:34:51 -07:00 |
| config.go | config: support client certificate SAN match (#4453) | 2023-08-11 13:27:12 -07:00 |
| evaluator.go | config: add support for max_verify_depth (#4452) | 2023-08-10 10:05:48 -07:00 |
| evaluator_test.go | config: add new mTLS enforcement setting (#4443) | 2023-08-09 07:53:11 -07:00 |
| functions.go | config: support client certificate SAN match (#4453) | 2023-08-11 13:27:12 -07:00 |
| functions_test.go | config: support client certificate SAN match (#4453) | 2023-08-11 13:27:12 -07:00 |
| gen-test-certs.go | config: support client certificate SAN match (#4453) | 2023-08-11 13:27:12 -07:00 |
| google_cloud_serverless.go | config: remove source, remove deadcode, fix linting issues (#4118) | 2023-04-21 17:25:11 -06:00 |
| google_cloud_serverless_test.go | authorize: move headers and jwt signing to rego (#1856) | 2021-02-08 10:53:21 -07:00 |
| headers_evaluator.go | authorize: client cert fingerprint in set_request_headers (#4447) | 2023-08-09 08:34:51 -07:00 |
| headers_evaluator_test.go | config: support client certificate SAN match (#4453) | 2023-08-11 13:27:12 -07:00 |
| policy_evaluator.go | config: add new mTLS enforcement setting (#4443) | 2023-08-09 07:53:11 -07:00 |
| policy_evaluator_test.go | config: add new mTLS enforcement setting (#4443) | 2023-08-09 07:53:11 -07:00 |