Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

doc: mark sni.yaml verify_client as Inbound #12114

Merged
merged 1 commit into from
Mar 24, 2025
Merged

doc: mark sni.yaml verify_client as Inbound #12114

merged 1 commit into from
Mar 24, 2025

Conversation

bneradt
Copy link
Contributor

@bneradt bneradt commented Mar 20, 2025

verify_client and verify_client_ca_certs are Inbound configurations rather than Outbound or Both.

@bneradt
doc: mark sni.yaml verify_client as Inbound
0bb8762 
verify_client and verify_client_ca_certs are Inbound configurations
rather than Outbound or Both.
@bneradt bneradt added this to the 10.2.0 milestone Mar 20, 2025
@bneradt bneradt requested a review from maskit March 20, 2025 21:58
@bneradt bneradt self-assigned this Mar 20, 2025
maskit
maskit reviewed Mar 21, 2025
View reviewed changes
doc/admin-guide/files/sni.yaml.en.rst
If ``NONE`` is specified, |TS| requests no certificate. If ``MODERATE`` is specified
|TS| will verify a certificate that is presented by the client, but it will not
fail the TLS handshake if no certificate is presented. If ``STRICT`` is specified
the client must present a certificate during the TLS handshake.

By default this is :ts:cv:`proxy.config.ssl.client.certification_level`.

verify_client_ca_certs Both Specifies an alternate set of certificate authority certs to use to verify the
verify_client_ca_certs Inbound Specifies an alternate set of certificate authority certs to use to verify the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like it was originally Outbound (incorrect) and Susan pointed out that it's for Inbound. I'm not sure how it ended up with Both.
#7676

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@masaori335 : you have thoughts? It could be I'm missing something. Should verify_client_ca_certs be Both instead of Inbound?

Thanks.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seem like I made mistakes. It should be Inbound.

masaori335
masaori335 approved these changes Mar 24, 2025
View reviewed changes
Copy link
Contributor

@masaori335 masaori335 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thank you!

@bneradt bneradt merged commit 0ea7b1b into apache:master Mar 24, 2025
15 checks passed
@bneradt bneradt deleted the fix_direction_doc_verify_client branch March 24, 2025 22:12
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@maskit maskit maskit left review comments

@masaori335 masaori335 masaori335 approved these changes

Assignees

@bneradt bneradt

Labels
Documentation TLS
Projects
None yet
Milestone
10.2.0
Development

Successfully merging this pull request may close these issues.
3 participants
@bneradt @maskit @masaori335