Will lua tcpsocksslhandshake be able to support mtls? #1781

Open
jeremyjpj0916 opened this issue Sep 11, 2020 · 4 comments

@jeremyjpj0916

https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake

Refers to enabling the TCP client to validate or ignore TLS validation with a truststore via:
https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate
https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth

Is there any roadmap or potential to also support enabling the client to pass its public certificate to support mutual authentication?

@jeremyjpj0916
Author

Oh, looks like a pending PR here: #997, but it's been ongoing since 2017 and not gotten much love lately </3.

@EnricoMazzu

Hello,

Any news on this topic?

@zhuizhuhaomeng
Contributor

Does mTLS have any feature that is lacking in OpenSSL?

@dndx
Member

dndx commented Dec 18, 2021

@zhuizhuhaomeng @EnricoMazzu In Kong we have been using:

#1602
openresty/lua-resty-core#278

within our OpenResty build for more than a year in order to have cosocket mTLS support. You can give it a try by patching the changes onto the OpenResty source and building it yourself.
