GEP-91: Client Certificate Validation for TLS terminating at the Gateway Listener

  • Issue: #91
  • Status: Provisional

(See definitions in [GEP Status](/contributing/gep#status).)

TLDR

This GEP proposes a way for the server (here, the Gateway Listener) to validate the TLS certificate presented by the downstream client during the TLS handshake, a configuration commonly referred to as mutual TLS (mTLS).

Goals

  • Define an API field in the Gateway Listener configuration that references the CA certificate to be used as the trust anchor for validating certificates presented by clients.

Non-Goals

  • Define other fields that could be used to verify the client certificate, such as a certificate hash or Subject Alternative Name (SAN).
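The Goals and Non-Goals above describe exactly one check: the Listener accepts a client certificate only if it chains to the CA certificate referenced from the Listener, with no fingerprint or SAN matching on top. The following is an added Go example, not code from this GEP or from the Gateway API project, showing what a Listener implementation built on Go's crypto/tls would configure for that check and which client certificates it accepts or rejects. All certificates are generated in memory as constructed test data; the function names and the tls.Config shape are the example's own assumptions, and validateClientCert reproduces the verification crypto/tls performs during the handshake rather than being a library API.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues an ECDSA P-256 certificate for cn, valid until notAfter.
// With parent == nil it is self-signed; otherwise it is signed by parent/parentKey.
// CAs get no EKU (unrestricted); leaves get the one given. Constructed test
// material generated in memory, not real PKI.
func newCert(cn string, isCA bool, eku x509.ExtKeyUsage, notAfter time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)), // strictly positive
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{eku}
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// listenerTLSConfig is the Listener-side configuration this GEP is about: the CA
// certificate(s) referenced from the Listener become the trust anchors in ClientCAs,
// and RequireAndVerifyClientCert fails the handshake for any client that presents
// no certificate or one that does not chain to them.
func listenerTLSConfig(listenerCert tls.Certificate, caCerts ...*x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	for _, ca := range caCerts {
		pool.AddCert(ca)
	}
	return &tls.Config{
		Certificates: []tls.Certificate{listenerCert}, // the Listener's own serving cert
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}
}

// validateClientCert runs the check crypto/tls performs during the handshake for
// RequireAndVerifyClientCert: chain the presented certificate to a ClientCAs root
// for the client-authentication usage. nil means accepted. It deliberately does
// not compare fingerprints or SANs; this GEP lists those as non-goals.
func validateClientCert(cfg *tls.Config, presented *x509.Certificate) error {
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     cfg.ClientCAs,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	day := time.Now().Add(24 * time.Hour)
	trustedCA, trustedKey := newCert("Trusted Client CA", true, 0, day, nil, nil)
	otherCA, otherKey := newCert("Unrelated CA", true, 0, day, nil, nil)
	srv, srvKey := newCert("gateway.example.test", false, x509.ExtKeyUsageServerAuth, day, nil, nil)
	cfg := listenerTLSConfig(tls.Certificate{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}, trustedCA)

	clients := map[string]*x509.Certificate{}
	clients["signed by trusted CA"], _ = newCert("client-a", false, x509.ExtKeyUsageClientAuth, day, trustedCA, trustedKey)
	clients["signed by other CA"], _ = newCert("client-b", false, x509.ExtKeyUsageClientAuth, day, otherCA, otherKey)
	clients["self-signed"], _ = newCert("client-c", false, x509.ExtKeyUsageClientAuth, day, nil, nil)
	clients["expired"], _ = newCert("client-d", false, x509.ExtKeyUsageClientAuth, time.Now().Add(-time.Minute), trustedCA, trustedKey)
	for name, c := range clients {
		fmt.Printf("%-22s -> %v\n", name, validateClientCert(cfg, c)) // only the first prints <nil>
	}
}
```

Only the certificate issued by the trusted CA is accepted; one from an unrelated CA, a self-signed one, and an expired one are all refused before any route is matched. Several CA certificates can be passed to listenerTLSConfig when more than one issuer is trusted, and any hash or SAN matching an implementation wants would be an additional step after this chain check, outside what this GEP defines.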

References