
oneWayTls set true still using mtls

Open jaymiracola opened this issue 3 years ago • 2 comments

Gloo Edge Version

1.10.x

Kubernetes Version

1.20.x

Describe the bug

From https://docs.solo.io/gloo-edge/1.7.23/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/ssl.proto.sk/#sslconfig we should be able to set oneWayTls to true to allow a VS to use one-way TLS even in the presence of the root CA within the accompanying secret. The bug has been reproduced on the versions mentioned above as well as GE 1.11 and K8s 1.22.

Steps to reproduce the bug

  1. Create needed applications to respond
  2. Create TLS secret including tls.crt, tls.key, and ca.crt
  3. Configure VS with above secret and oneWayTls: true
  4. curl application

Expected Behavior

When oneWayTls is set to true it should no longer prompt the client for a certificate.

Additional Context

No response

jaymiracola, Jul 19 '22 20:07
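
The setup from steps 2 and 3 above, written out as manifests. This is an added example, not part of the original issue: the resource names, namespace, domain and upstream are hypothetical, and the certificate data are placeholders to be filled in.

```yaml
# Step 2: TLS secret that also carries the root CA (ca.crt).
# The three key names come from the issue; the values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: example-tls            # hypothetical name
  namespace: gloo-system       # hypothetical namespace
type: kubernetes.io/tls
data:
  tls.crt: <base64-encoded server certificate chain>
  tls.key: <base64-encoded server private key>
  ca.crt: <base64-encoded root CA certificate>
---
# Step 3: VirtualService that references the secret and sets oneWayTls.
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: example-vs             # hypothetical name
  namespace: gloo-system
spec:
  sslConfig:
    # With ca.crt present in the secret, this flag is what is expected
    # to keep the listener from requesting a client certificate.
    oneWayTls: true
    secretRef:
      name: example-tls
      namespace: gloo-system
  virtualHost:
    domains:
      - 'app.example.test'     # hypothetical domain
    routes:
      - matchers:
          - prefix: /
        routeAction:
          single:
            upstream:
              name: example-upstream   # hypothetical upstream
              namespace: gloo-system
```

For step 4, requesting the route with curl and no client certificate shows which mode is in effect: under the expected behavior described in the issue the request completes without the client being prompted for a certificate.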

@jaymiracola do you know priority on this one?

chrisgaun, Jul 22 '22 15:07

@chrisgaun I stopped being able to reproduce locally. I am going to hop on with the customer today to get debug logs and see if I can find out what happened. To answer, I suppose it would be low for the moment.

jaymiracola, Jul 22 '22 15:07