You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by gi...@git.apache.org on 2017/06/27 07:43:49 UTC

[GitHub] ningyougang commented on issue #2427: Support client certificate on cli and nginx

ningyougang commented on issue #2427: Support client certificate on cli and nginx
URL: https://github.com/apache/incubator-openwhisk/pull/2427#issuecomment-311279664
 
 
   This commit just increases the security of auth using `wsk -i property set --cert
   openwhisk-client-cert.pem --key openwhisk-client-key.pem --auth XXX...`.But for controller side, i don't know whether there has need to ignore --auth parameter verify if user passes client certificate. the whole logic may like this
   * When use `wsk -i property --cert cert.pem --key key.pem............`, the controller will ignore `--auth` verfiy, directly passed, because already verify client certificate by nginx, so there has no need to verify auth key.
   * keep original logic for authenticate, if execute like this `wsk -i property --auth ${auth}.....`
   
   So, guys, what's your opinion for above controller side's logic for client certificate?
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services