mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-08 12:28:18 +02:00
de68e37bc3
Add an "enforcement" option to the new downstream mTLS configuration settings group. When not set, or when set to "policy_default_deny", keep the current behavior of adding an invalid_client_certificate rule to all policies. When the enforcement mode is set to just "policy", remove the default invalid_client_certificate rule that would be normally added. When the enforcement mode is set to "reject_connection", configure the Envoy listener with the require_client_certificate setting and remove the ACCEPT_UNTRUSTED option. Add a corresponding field to the Settings proto. |
||
|---|---|---|
| .. | ||
| audit | ||
| cli | ||
| config | ||
| crypt | ||
| databroker | ||
| device | ||
| events | ||
| identity | ||
| registry | ||
| session | ||
| testdata | ||
| user | ||
| client.go | ||
| client_test.go | ||
| docs.go | ||
| health.go | ||
| protoc.bash | ||