Arul Thileeban Sagayam
Arul Thileeban Sagayam
## What would you like to have changed? The current implementation of OCSP stapling in the package lacks configurability to send requests to the CA through a proxy. It would...
**Is your feature request related to a problem? Please describe.** Access to TCP routes through Pomerium is currently accomplished by utilizing HTTP CONNECT between client and Pomerium proxy, where Pomerium...
**Is your feature request related to a problem? Please describe.** Debugging issues related to upstream application access requires analyzing the HTTP(S) traffic, in certain cases. Envoy, acting as a client...
*Title*: Allow OtherName type in SAN matching *Description*: In the current state, Envoy allows only 4 types(EMAIL, DNS, URI, IP_ADDRESS) of SAN against which SAN verification will be performed against....
Commit Message: jwt_authn: Set metadata irrespective of success/failure of JWT Verification Previously, metadata was only set for successful JWT verification, restricting "failed_status_in_metadata". This change removes the condition, allowing both "payload_in_metadata"...
Commit Message: jwt_authn: Add functionality to remove query parameter containing JWT Setting `forward` as `false` in JWT Authn filter config removes the JWT from headers, but doesn't remove JWT from...
Commit Message: Addition of a network filter to respond with a non-SSL failure response for client cert verification failure (close connection abruptly or tarpit) Risk Level: Low Testing: Unit/Integration/Manual Docs...
Commit Message: Bump c-ares library to v1.32.2 Additional Description: Last attempt at version upgrade failed few ARM tests, relating to IPv6-localhost Risk Level: Testing: Docs Changes: Release Notes: Fixes #33138...
Title: Support OtherName(UPN) SAN for mTLS Verification **Is your feature request related to a problem? Please describe.** Currently, Envoy supports SAN value matching against DNS, URI, Email, and IP Address...
Commit Message: jwt_authn: Add logic to refetch JWT on KID mismatch Additional Description: Minimal implementation driven through config to force filter to refetch JWKS when extracted JWT's KID does not...