Expand Client Auth Type configuration

2019-07-12 17:50:04 +02:00 · 2019-07-12 17:50:04 +02:00 · 2c7cfd1c68
commit 2c7cfd1c68
parent 7a4b4c941c
31 changed files with 304 additions and 151 deletions
--- a/integration/fixtures/https/clientca/https_1ca1config.toml
+++ b/integration/fixtures/https/clientca/https_1ca1config.toml
@ -47,6 +47,6 @@
  keyFile = "fixtures/https/snitest.org.key"

 [tls.options]
-  [tls.options.default.ClientCA]
-    files = ["fixtures/https/clientca/ca1.crt"]
-    optional = true
+  [tls.options.default.clientAuth]
+    caFiles = ["fixtures/https/clientca/ca1.crt"]
+    clientAuthType = "VerifyClientCertIfGiven"
--- a/integration/fixtures/https/clientca/https_2ca1config.toml
+++ b/integration/fixtures/https/clientca/https_2ca1config.toml
@ -47,5 +47,5 @@
  keyFile = "fixtures/https/snitest.org.key"

 [tls.options]
-  [tls.options.default.clientCA]
-    files = ["fixtures/https/clientca/ca1and2.crt"]
+  [tls.options.default.clientAuth]
+    caFiles = ["fixtures/https/clientca/ca1and2.crt"]
--- a/integration/fixtures/https/clientca/https_2ca2config.toml
+++ b/integration/fixtures/https/clientca/https_2ca2config.toml
@ -46,6 +46,6 @@
  keyFile = "fixtures/https/snitest.org.key"

 [tls.options]
-  [tls.options.default.clientCA]
-    files = ["fixtures/https/clientca/ca1.crt", "fixtures/https/clientca/ca2.crt"]
-    optional = false
+  [tls.options.default.clientAuth]
+    caFiles = ["fixtures/https/clientca/ca1.crt", "fixtures/https/clientca/ca2.crt"]
+    clientAuthType = "RequireAndVerifyClientCert"
--- a/integration/fixtures/https/https_tls_options.toml
+++ b/integration/fixtures/https/https_tls_options.toml
@ -69,13 +69,13 @@
 [tls.options]

  [tls.options.foo]
-    minversion = "VersionTLS11"
+    minVersion = "VersionTLS11"

  [tls.options.baz]
-    minversion = "VersionTLS11"
+    minVersion = "VersionTLS11"

  [tls.options.bar]
-    minversion = "VersionTLS12"
+    minVersion = "VersionTLS12"

  [tls.options.default]
-    minversion = "VersionTLS12"
+    minVersion = "VersionTLS12"
--- a/integration/fixtures/k8s/03-tlsoption.yml
+++ b/integration/fixtures/k8s/03-tlsoption.yml
@ -5,8 +5,8 @@ metadata:
  namespace: default

 spec:
-  minversion: VersionTLS12
-  snistrict: true
-  ciphersuites:
+  minVersion: VersionTLS12
+  sniStrict: true
+  cipherSuites:
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_256_GCM_SHA384
--- a/integration/fixtures/tcp/multi-tls-options.toml
+++ b/integration/fixtures/tcp/multi-tls-options.toml
@ -40,7 +40,7 @@
 [tls.options]

  [tls.options.foo]
-    minversion = "VersionTLS11"
+    minVersion = "VersionTLS11"

  [tls.options.bar]
-    minversion = "VersionTLS12"
+    minVersion = "VersionTLS12"
--- a/integration/fixtures/tlsclientheaders/simple.toml
+++ b/integration/fixtures/tlsclientheaders/simple.toml
@ -23,9 +23,9 @@
 ## dynamic configuration ##

 [tls.options]
-  [tls.options.default.clientCA]
-    files = [ """{{ .RootCertContent }}""" ]
-    optional = false
+  [tls.options.default.clientAuth]
+    caFiles = [ """{{ .RootCertContent }}""" ]
+    clientAuthType = "RequireAndVerifyClientCert"

 [tls.stores]
  [tls.stores.default.defaultCertificate]