Arul Thileeban Sagayam
Yeah. In our environment, certmagic is used along with a reverse proxy which has multiple outbound connections to different network zones. Defining an environment variable would route all outbound connections...
Thanks, Matt. I'll try it out
Most of what you have mentioned makes sense. Just a few points of discussion: For Caveat 1, in our internal POC patching against pomerium, we were able to use HTTP1...
@kenjenkins We did this POC a year back and I'm not able to get the previous setup/config. I'll try setting up a fresh one to test this more. However, I...
We have an internal patch for this. I'd be happy to raise a PR
@desimone Any thoughts on this? I also see #5043 which could solve this problem as well.
Noticing similar behavior. Could this be looked into?
I'm not sure if the BoringSSL docs are clear about "SSL_VERIFY_PEER" errors being fatal. AFAIK it should be used in conjunction with "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" to fail if cert isn't presented (which...
AFAIK there is no straightforward way to look into the cache. An indirect way would be to investigate debug logs. They would produce similar logs as below which would indicate...
I looked at the implementation for the typed SAN matching and it looks like the OtherName idea was dropped due to inability to generalize it #18628. That issue still stands....