This is an automated email from the ASF dual-hosted git repository.
shuyangw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 149b53e feat(stream): allow to set trust certificate (#4651)
149b53e is described below
commit 149b53ed5ad33630c9f8dfdde42264f83a570bc0
Author: 罗泽轩 <[email protected]>
AuthorDate: Fri Jul 23 04:09:58 2021 +0800
feat(stream): allow to set trust certificate (#4651)
Signed-off-by: spacewander <[email protected]>
---
apisix/cli/ngx_tpl.lua | 4 ++++
t/cli/test_stream_config.sh | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua
index d538937..0816fae 100644
--- a/apisix/cli/ngx_tpl.lua
+++ b/apisix/cli/ngx_tpl.lua
@@ -73,6 +73,10 @@ stream {
resolver {% for _, dns_addr in ipairs(dns_resolver or {}) do %}
{*dns_addr*} {% end %} {% if dns_resolver_valid then %}
valid={*dns_resolver_valid*}{% end %};
resolver_timeout {*resolver_timeout*};
+ {% if ssl.ssl_trusted_certificate ~= nil then %}
+ lua_ssl_trusted_certificate {* ssl.ssl_trusted_certificate *};
+ {% end %}
+
# stream configuration snippet starts
{% if stream_configuration_snippet then %}
{* stream_configuration_snippet *}
diff --git a/t/cli/test_stream_config.sh b/t/cli/test_stream_config.sh
index 75f5667..1e0cd2a 100755
--- a/t/cli/test_stream_config.sh
+++ b/t/cli/test_stream_config.sh
@@ -53,3 +53,21 @@ if [ "$count" -ne 2 ]; then
fi
echo "passed: enable stream proxy and http proxy"
+
+echo "
+apisix:
+ ssl:
+ ssl_trusted_certificate: t/certs/mtls_ca.crt
+ stream_proxy:
+ tcp:
+ - addr: 9100
+" > conf/config.yaml
+
+make init
+
+if ! grep "t/certs/mtls_ca.crt;" conf/nginx.conf > /dev/null; then
+ echo "failed: failed to set trust certificate"
+ exit 1
+fi
+
+echo "passed: set trust certificate"
