Armin Abfalterer
Armin Abfalterer
> One of the stack traces you show is a from a child exiting. Just to confirm that we are investigating the right thing: can you confirm crashes without the...
> Can you compile the mod_md from 2.4.53 in the 2.4.54 into your test server to check that the problems disappear? That would lay the blame solely at my door......
Oh, I made a mistake building httpd 2.4.54 with mod_md from 2.4.53... I did it again and I have to revise my statement: indeed, with mod_md 2.4.53 the problem did...
> Thanks, this looks like a good change. > > Needs DCO fixed: https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md#fixing-dco DCO is fixed
> Can you fix it so it's just the one file change again, against main? it's now one commit against main, is that ok?
> not sure it detracts from the issue presented as its the same host, but the oauth filter doesnt communicate with the `authorizationEndpoint` it merely redirects the user there -...
I carried out additional tests with the oauth2 filter and was able to prove that setting _sni_ on the [UpstreamTlsContext](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/tls.proto#extensions-transport-sockets-tls-v3-upstreamtlscontext) forces certificates to be verified against _trusted_ca_.
> great @arminabf can we close this ticket ? the documentation doesn't say that the certificate checks only take place when SNI is set, so I think I'm not the...