lijian-sw opened a new issue #6393: URL: https://github.com/apache/apisix/issues/6393
### Issue description Hi, I have seen and tested Apisix can successfully do client authentication based on client SSL certificates. But what I miss in this client certificate authentication is the SAN validation. So in other words, how to ensure Apisix validates the client ip with the value specified in the client certificate (SAN or CN). For what I have tested this validation does not take place, which results in a client certificate which still can be shared and used by multiple clients, are there any options within Apisix to ensure such validation can take place? Am I overlooking something here? ### Environment - apisix version (cmd: `apisix version`): 2.11.0 - OS (cmd: `uname -a`): Linux 3.10.0 - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): openresty/1.19.9.1 - etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): 3.4.0 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
