added new auth-tls-match-cn annotation (#8434)

* added new auth-tls-match-cn annotation

* added few more tests
Chris Shino 2022-04-15 15:59:10 -04:00 committed by GitHub
parent 81c2afd975
commit f9372aa495
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 116 additions and 0 deletions


@ -946,6 +946,14 @@ stream {
set $proxy_upstream_name "-";
{{ if not ( empty $server.CertificateAuth.MatchCN ) }}
{{ if gt (len $server.CertificateAuth.MatchCN) 0 }}
if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
return 403 "client certificate unauthorized";
}
{{ end }}
{{ end }}
{{ if eq $server.Hostname "_" }}
ssl_reject_handshake {{ if $all.Cfg.SSLRejectHandshake }}on{{ else }}off{{ end }};
{{ end }}
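Review bot: The MatchCN value is interpolated unquoted into the `if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} )` directive, so a value containing whitespace, `)`, `;` or `{` would break the generated config or change its meaning; the parser that populates `$server.CertificateAuth.MatchCN` is outside this hunk, and if it does not already restrict the annotation to a regex-safe character set, that validation (or quoting the expression here, `if ( $ssl_client_s_dn !~ "{{ $server.CertificateAuth.MatchCN }}" )`) is needed before the template relies on it. The pattern is also matched against the whole `$ssl_client_s_dn` string rather than only the CN component, so an unanchored value such as `foo` also matches an `O=` or `OU=` attribute; document the annotation as a regex over the full subject DN and recommend anchoring on `CN=`, e.g. a template comment `# MatchCN is a regex applied to the entire client subject DN, not just the CN attribute`. The outer `{{ if not ( empty ... ) }}` already implies the inner `{{ if gt (len ...) 0 }}`, so one of the two nested conditions can be dropped.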