Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Will lua tcpsocksslhandshake be able to support mtls? #1781

Open
jeremyjpj0916 opened this issue Sep 11, 2020 · 4 comments
Open

Will lua tcpsocksslhandshake be able to support mtls? #1781

jeremyjpj0916 opened this issue Sep 11, 2020 · 4 comments

Comments

@jeremyjpj0916
Copy link

https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake

Refers to enabling the tcp client being able to validate or ignore TLS validation with a truststore via:
https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate
https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth

Is there any roadmap or potential to also support enabling the client to pass its public certificate to support mutual authentication?
@jeremyjpj0916
Copy link
Author

Oh looks like pending PR here: #997 , but its been ongoing since 2017 and not gotten much love lately </3 .

@EnricoMazzu
Copy link

Hello,

any news on this topic?

@zhuizhuhaomeng
Copy link
Contributor

does mtls have any feature that is lacking in OpenSSL?

@dndx
Copy link
Member

dndx commented Dec 18, 2021

@zhuizhuhaomeng @EnricoMazzu In Kong we have been using:

#1602
openresty/lua-resty-core#278

within our OpenResty build for more than a year in order to have cosocket mTLS support. You can give it a try by patching the changes onto the OpenResty source and build it yourself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dndx @zhuizhuhaomeng @EnricoMazzu @jeremyjpj0916