jon-wei commented on issue #6076: Mutual TLS support URL: https://github.com/apache/incubator-druid/pull/6076#issuecomment-419578370 Added the following changes: - hostname validation and static CRL options for client certificate authentication - Fix for starting mysql on when not using docker-machine with docker overlay2 fs - Negative tests for: - No client cert - Client cert signed by untrusted root - Client cert signed by an intermediate cert that is not a CA - Client cert with wrong hostname - Expired client cert - Client cert has been revoked in static CRL file - Positive test for: - 3-part cert chain (root->intermediate->client cert) - Added two more services to the integration tests: - Router with permissive TLS client auth settings (no hostname verification or revocation) - Router with TLS client auth turned off
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
