Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ssl): support get upstream cert from ssl object #7221

Merged
merged 15 commits into from
Jun 14, 2022
Merged

feat(ssl): support get upstream cert from ssl object #7221

merged 15 commits into from
Jun 14, 2022

Conversation

soulbird
Copy link
Contributor

@soulbird soulbird commented Jun 9, 2022
edited
Loading

Description

Support get upstream cert from ssl object:
1、Add ssl.type field to indicate the certificate type in the ssl object.
2、Only when ssl.type=="client", the SSL object can be referenced.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@soulbird soulbird marked this pull request as ready for review June 9, 2022 09:37
spacewander
spacewander reviewed Jun 9, 2022
View reviewed changes
apisix/admin/ssl.lua Outdated Show resolved Hide resolved
apisix/init.lua Outdated Show resolved Hide resolved
apisix/schema_def.lua Outdated Show resolved Hide resolved
membphis
membphis reviewed Jun 10, 2022
View reviewed changes
docs/en/latest/admin-api.md
| tls.client_key | optional | Sets the client private key while connecting to a TLS Upstream. | |
| tls.client_cert | optional, can't be used with `tls.client_cert_id` | Sets the client certificate while connecting to a TLS Upstream. | |
| tls.client_key | optional, can't be used with `tls.client_cert_id` | Sets the client private key while connecting to a TLS Upstream. | |
| tls.client_cert_id | optional, can't be used with `tls.client_cert` and `tls.client_key` | Set the referenced [SSL](#ssl) id. | |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tokers pls confirm this first

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem but currently it looks strange as we use an SSL object while the name is client_cert_id.

tokers
tokers reviewed Jun 10, 2022
View reviewed changes
apisix/init.lua Show resolved Hide resolved
docs/en/latest/admin-api.md
| tls.client_key | optional | Sets the client private key while connecting to a TLS Upstream. | |
| tls.client_cert | optional, can't be used with `tls.client_cert_id` | Sets the client certificate while connecting to a TLS Upstream. | |
| tls.client_key | optional, can't be used with `tls.client_cert_id` | Sets the client private key while connecting to a TLS Upstream. | |
| tls.client_cert_id | optional, can't be used with `tls.client_cert` and `tls.client_key` | Set the referenced [SSL](#ssl) id. | |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem but currently it looks strange as we use an SSL object while the name is client_cert_id.

docs/en/latest/admin-api.md Outdated Show resolved Hide resolved
spacewander
spacewander reviewed Jun 10, 2022
View reviewed changes
apisix/upstream.lua Outdated Show resolved Hide resolved
t/node/upstream-mtls.t Show resolved Hide resolved
spacewander
spacewander previously approved these changes Jun 12, 2022
View reviewed changes
@spacewander spacewander merged commit 4581627 into apache:master Jun 14, 2022
hongbinhsu pushed a commit to fitphp/apix that referenced this pull request Jun 16, 2022
Merge branch 'upstream/master' into github/master
4ed81b5 
* upstream/master: (46 commits)
  docs: fix err in batch-processor (apache#7259)
  docs(deployment): sync design to online docs (apache#7256)
  feat(deployment): add structure of traditional role (apache#7249)
  fix(benchmark): write worker_processes into config.yaml (apache#7250)
  docs: correct the repo url (apache#7253)
  feat: Add support for capturing OIDC refresh tokens (apache#7220)
  feat(ssl): support get upstream cert from ssl object (apache#7221)
  chore: validate etcd conf strictly (apache#7245)
  fix(api-response): check response header format (apache#7238)
  fix: duplicate X-Forwarded-Proto will be sent as string (apache#7229)
  fix: distinguish different upstreams even they have the same addr (apache#7213)
  docs: make company on README more preciser (apache#7230)
  test: remove unused required etcd (apache#7225)
  fix: add debug yaml validation (apache#7201)
  change: remove upstream.enable_websocket which is deprecated since 2020 (apache#7222)
  docs: add re case on response-rewrite plugin (apache#7197)
  docs: add API Gateway keyword and AWS graviton3. (apache#7217)
  fix(response-rewrite): schema format error (apache#7212)
  docs(proxy-rewrite): remove empty space (apache#7210)
  chore: require http_stub_status_module exists (apache#7208)
  ...
spacewander pushed a commit that referenced this pull request Jun 30, 2022
@soulbird @spacewander
feat(ssl): support get upstream cert from ssl object (#7221)
82e3ecb 
Co-authored-by: soulbird <zhaothree@gmail.com>
Liu-Junlin pushed a commit to Liu-Junlin/apisix that referenced this pull request Nov 4, 2022
@soulbird @Liu-Junlin
feat(ssl): support get upstream cert from ssl object (apache#7221)
4ab6192 
Co-authored-by: soulbird <zhaothree@gmail.com>
@bzp2010 bzp2010 mentioned this pull request Jan 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@membphis membphis membphis left review comments

@spacewander spacewander spacewander approved these changes

@tzssangglass tzssangglass tzssangglass approved these changes

@tokers tokers Awaiting requested review from tokers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@soulbird @spacewander @membphis @tokers @tzssangglass