
Will lua tcpsocksslhandshake be able to support mtls?

Open jeremyjpj0916 opened this issue 5 years ago • 4 comments

https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake

Refers to enabling the tcp client being able to validate or ignore TLS validation with a truststore via: https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth

Is there any roadmap or potential to also support enabling the client to pass its public certificate to support mutual authentication?

jeremyjpj0916 avatar Sep 11 '20 18:09 jeremyjpj0916

Oh, looks like a pending PR here: https://github.com/openresty/lua-nginx-module/pull/997, but it's been ongoing since 2017 and has not gotten much love lately </3.

jeremyjpj0916 avatar Sep 11 '20 18:09 jeremyjpj0916

Hello,

Any news on this topic?

EnricoMazzu avatar Dec 16 '21 16:12 EnricoMazzu

Does mTLS have any feature that is lacking in OpenSSL?

zhuizhuhaomeng avatar Dec 17 '21 05:12 zhuizhuhaomeng

@zhuizhuhaomeng @EnricoMazzu In Kong we have been using:

https://github.com/openresty/lua-nginx-module/pull/1602 https://github.com/openresty/lua-resty-core/pull/278

within our OpenResty build for more than a year in order to have cosocket mTLS support. You can give it a try by patching the changes onto the OpenResty source and building it yourself.

dndx avatar Dec 18 '21 13:12 dndx