mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-01 07:50:26 +02:00
231231b351
Add an "enforcement" option to the new downstream mTLS configuration settings group. When not set, or when set to "policy_default_deny", keep the current behavior of adding an invalid_client_certificate rule to all policies. When the enforcement mode is set to just "policy", remove the default invalid_client_certificate rule that would be normally added. When the enforcement mode is set to "reject_connection", configure the Envoy listener with the require_client_certificate setting and remove the ACCEPT_UNTRUSTED option. Add a corresponding field to the Settings proto. |
||
|---|---|---|
| .. | ||
| opa | ||
| config.go | ||
| evaluator.go | ||
| evaluator_test.go | ||
| functions.go | ||
| functions_test.go | ||
| gen-test-certs.go | ||
| google_cloud_serverless.go | ||
| google_cloud_serverless_test.go | ||
| headers_evaluator.go | ||
| headers_evaluator_test.go | ||
| policy_evaluator.go | ||
| policy_evaluator_test.go | ||