ningyougang commented on issue #2427: Support client certificate on cli and nginx URL: https://github.com/apache/incubator-openwhisk/pull/2427#issuecomment-311569780 @rabbah ,for your two suggestions * should we perhaps generate these as part of the setup rather that store them. i know it's convenient and it does take a few seconds to get a key. answer: I have add the key generate script, so key/csr/cert generated flow is fully, if users don't want to use the default client certificate which system provides, they can generate client certificate by themselves refer to genssl.sh script. * can you add a test you can add that actually uses the client cert? answer: I think there has no need to add the test, because this test case: https://github.com/ningyougang/incubator-openwhisk/blob/support-client-certificate/tests/src/test/scala/whisk/core/cli/test/WskBasicUsageTests.scala#L96 can verify the client certificate by nginx whether right. when execute this test case, it will execute `wsk -i property set --cert XX --key XX --auth XX --namespace XX --apihost XX`, this cmd will add cert, key to request, see here: https://github.com/ningyougang/incubator-openwhisk/blob/support-client-certificate/tools/cli/go-whisk/whisk/client.go#L87 ,after build Authorization in request Header, it will send the quest to https://${apihost}/api/v1/namespaces, then nginx will deal the request, verfiy the client certificate whether right, if it is right, the test case running result will be PASSED, if the client certificate is not right, the test case running result will be FAILED ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
With regards, Apache Git Services
