workaround
		
					parent
					
						
							
								c765da33db
							
						
					
				
			
			
				commit
				
					
						7e4f4d3488
					
				
			
		
					 2 changed files with 18 additions and 10 deletions
				
			
		
							
								
								
									
										4
									
								
								TODO.md
									
										
									
									
									
								
							
							
						
						
									
									
										
									
									
									
								
							|  | @ -7,5 +7,7 @@ | |||
| - Options to serve custom http_error page. | ||||
| - Prometheus metrics | ||||
| - Documentation | ||||
| - Client certificate -> support intermediate certificate. Currently, only supports client certificates directly signed by root CA. | ||||
| - Client certificate | ||||
|   - support intermediate certificate. Currently, only supports client certificates directly signed by root CA. | ||||
|   - split rustls::server::ServerConfig for SNIs | ||||
| - etc. | ||||
|  |  | |||
|  | @ -231,16 +231,22 @@ impl Backends { | |||
|     // debug!("Load certificate chain for {} server_name's", cnt);
 | ||||
| 
 | ||||
|     //////////////
 | ||||
|     // TODO: Client Certs
 | ||||
|     let client_certs_verifier = rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new(client_ca_roots); | ||||
|     // No ClientCert or WithClientCert
 | ||||
|     // let client_certs_verifier = rustls::server::AllowAnyAuthenticatedClient::new(client_ca_roots);
 | ||||
|     let mut server_config = if client_ca_key_ids.is_empty() { | ||||
|       ServerConfig::builder() | ||||
|         .with_safe_defaults() | ||||
|         .with_no_client_auth() | ||||
|         .with_cert_resolver(Arc::new(resolver)) | ||||
|     } else { | ||||
|       // TODO: Client Certs
 | ||||
|       // No ClientCert or WithClientCert
 | ||||
|       // let client_certs_verifier = rustls::server::AllowAnyAuthenticatedClient::new(client_ca_roots);
 | ||||
|       let client_certs_verifier = rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new(client_ca_roots); | ||||
|       ServerConfig::builder() | ||||
|         .with_safe_defaults() | ||||
|         .with_client_cert_verifier(client_certs_verifier) | ||||
|         .with_cert_resolver(Arc::new(resolver)) | ||||
|     }; | ||||
| 
 | ||||
|     let mut server_config = ServerConfig::builder() | ||||
|       .with_safe_defaults() | ||||
|       // .with_no_client_auth()
 | ||||
|       .with_client_cert_verifier(client_certs_verifier) | ||||
|       .with_cert_resolver(Arc::new(resolver)); | ||||
|     //////////////////////////////
 | ||||
| 
 | ||||
|     #[cfg(feature = "http3")] | ||||
|  |  | |||
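Review bot: The new `else` branch still builds the verifier with `AllowAnyAnonymousOrAuthenticatedClient`, so a client that presents no certificate completes the TLS handshake even when client CAs are configured. Nothing in this hunk shows where a host that requires client authentication rejects such a connection, so that check has to exist after the handshake; I would state it at the verifier line, e.g. `// NOTE: anonymous clients pass the handshake; hosts that require a client cert must reject requests without a verified peer certificate`. The verifier also appears to take one `client_ca_roots` store for every server name (the TODO.md entry in this commit lists the per-SNI `ServerConfig` split as pending), so a certificate signed by one host's CA would presumably pass TLS verification for another host; the post-handshake check should compare the issuer against the CA configured for the requested server name. The branch condition reads `client_ca_key_ids` while the verifier is built from `client_ca_roots`; both are populated outside this hunk, so it is worth confirming they cannot disagree. The enclosing function starts and ends outside the hunk.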
	 Jun Kurihara
				Jun Kurihara