Adds correct support for TLS Muthual autentication and depth verification
modified: controllers/nginx/configuration.md modified: controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl modified: core/pkg/ingress/annotations/authtls/main.go modified: core/pkg/ingress/controller/backend_ssl.go modified: core/pkg/ingress/controller/controller.go modified: core/pkg/ingress/controller/util_test.go modified: core/pkg/ingress/resolver/main.go modified: core/pkg/ingress/types.go modified: core/pkg/net/ssl/ssl.go modified: examples/PREREQUISITES.md new file: examples/auth/client-certs/nginx/README.md new file: examples/auth/client-certs/nginx/nginx-tls-auth.yaml
parent
f5e005f84f
commit
a342c0bce3
12 changed files with 349 additions and 52 deletions
|
|
@ -37,8 +37,6 @@ type Secret interface {
|
|||
// AuthCertificate resolves a given secret name into an SSL certificate.
|
||||
// The secret must contain 3 keys named:
|
||||
// ca.crt: contains the certificate chain used for authentication
|
||||
// tls.crt: (ignored) contains the tls certificate chain, or any other valid base64 data
|
||||
// tls.key: (ignored) contains the tls secret key, or any other valid base64 data
|
||||
type AuthCertificate interface {
|
||||
GetAuthCertificate(string) (*AuthSSLCert, error)
|
||||
}
|
||||
|
|
@ -48,10 +46,6 @@ type AuthCertificate interface {
|
|||
type AuthSSLCert struct {
|
||||
// Secret contains the name of the secret this was fetched from
|
||||
Secret string `json:"secret"`
|
||||
// CertFileName contains the filename the secret's 'tls.crt' was saved to
|
||||
CertFileName string `json:"certFilename"`
|
||||
// KeyFileName contains the path the secret's 'tls.key'
|
||||
KeyFileName string `json:"keyFilename"`
|
||||
// CAFileName contains the path to the secrets 'ca.crt'
|
||||
CAFileName string `json:"caFilename"`
|
||||
// PemSHA contains the SHA1 hash of the 'tls.crt' value
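Review bot: The doc comment on AuthCertificate still says `// The secret must contain 3 keys named:`, but the first hunk's counts (8 old lines, 6 new) suggest the two `(ignored)` entries for tls.crt and tls.key are the ones removed, which would leave only ca.crt listed. The +/- markers are lost on this page, so that is inferred; if it holds, the comment should read `// The secret must contain a key named:`. In the second hunk (10 old lines, 6 new) the CertFileName and KeyFileName fields appear to be dropped in the same way, yet the context line `// PemSHA contains the SHA1 hash of the 'tls.crt' value` still names a key that is no longer consumed. That comment should name the value actually hashed (presumably ca.crt, to be confirmed against ssl.go) and state that the SHA1 is only a change-detection checksum, not an integrity check on the CA bundle that client certificates are verified against. The AuthSSLCert struct continues past the end of the hunk.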
|
||||
|
|
|
|||