mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-31 07:19:16 +02:00
231231b351
Add an "enforcement" option to the new downstream mTLS configuration settings group. When not set, or when set to "policy_default_deny", keep the current behavior of adding an invalid_client_certificate rule to all policies. When the enforcement mode is set to just "policy", remove the default invalid_client_certificate rule that would be normally added. When the enforcement mode is set to "reject_connection", configure the Envoy listener with the require_client_certificate setting and remove the ACCEPT_UNTRUSTED option. Add a corresponding field to the Settings proto. |
||
|---|---|---|
| .. | ||
| evaluator | ||
| internal/store | ||
| access_tracker.go | ||
| access_tracker_test.go | ||
| authorize.go | ||
| authorize_test.go | ||
| check_response.go | ||
| check_response_test.go | ||
| databroker.go | ||
| databroker_test.go | ||
| grpc.go | ||
| grpc_test.go | ||
| log.go | ||
| log_test.go | ||
| state.go | ||