pomerium/pkg/grpc/config
Kenneth Jenkins de68e37bc3
config: add new mTLS enforcement setting (#4443)
Add an "enforcement" option to the new downstream mTLS configuration
settings group.

When not set, or when set to "policy_default_deny", keep the current
behavior of adding an invalid_client_certificate rule to all policies.

When the enforcement mode is set to just "policy", remove the default
invalid_client_certificate rule that would be normally added.

When the enforcement mode is set to "reject_connection", configure the
Envoy listener with the require_client_certificate setting and remove
the ACCEPT_UNTRUSTED option.

Add a corresponding field to the Settings proto.
2023-08-09 07:53:11 -07:00
config.go authorize: add support for passing access or id token upstream (#3047) 2022-02-17 09:28:31 -07:00
config.pb.go config: add new mTLS enforcement setting (#4443) 2023-08-09 07:53:11 -07:00
config.proto config: add new mTLS enforcement setting (#4443) 2023-08-09 07:53:11 -07:00