You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/04/21 06:35:51 UTC

[GitHub] [apisix] whioue opened a new issue, #6896: bug: mtls does not take effect

whioue opened a new issue, #6896:
URL: https://github.com/apache/apisix/issues/6896

   ### Current Behavior
   
   配置 ssl 资源同时配置了 client.ca 和 client.depth 参数，在upstream配置了client_cert和client_key。使用浏览器访问时并未配置对应证书，第一次响应返回400，查看日志发现错误：client certificate was not present，此现象正常；紧接着第二次再次访问发现可以获取到后置服务正常响应。
   
   ### Expected Behavior
   
   期望使用浏览器在未携带对应双向认证证书时，不能正常获取到响应结果。
   
   ### Error Logs
   
   client certificate was not present
   
   ### Steps to Reproduce
   
   1.配置路由并添加upstream，在upstream中配置client_cert和client_key
   2.配置 ssl 资源同时配置了 client.ca 和 client.depth 参数
   3.使用谷歌浏览器访问，第一次响应400，第二次正常获取到结果
   
   ### Environment
   
   - APISIX version (run `apisix version`): V2.8
   - Operating system (run `uname -a`):  Centos7
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] whioue commented on issue #6896: bug: mtls does not take effect

Posted by GitBox <gi...@apache.org>.

whioue commented on issue #6896:
URL: https://github.com/apache/apisix/issues/6896#issuecomment-1105946551

   > Could you update to version 2.13 and try again？
   
   it can be reproduced，I think it's probably the first time the browser makes a request that it will execute SSL_ certificate_ by_ lua_ block Caused，Personal views, for reference only


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] whioue commented on issue #6896: bug: mtls does not take effect

Posted by GitBox <gi...@apache.org>.

whioue commented on issue #6896:
URL: https://github.com/apache/apisix/issues/6896#issuecomment-1105948060

   > Could you update to version 2.13 and try again？
   it can be reproduced，I think it's probably only the first time the browser makes a request that it will execute SSL_ certificate_ by_ lua_ block，Subsequent requests are not executed SSL_ certificate_ by_ lua_ block caused，Personal views, for reference only
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on issue #6896: bug: mtls does not take effect

Posted by GitBox <gi...@apache.org>.

spacewander commented on issue #6896:
URL: https://github.com/apache/apisix/issues/6896#issuecomment-1105925153

   OK, it can be reproduced under the master branch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander closed issue #6896: bug: mtls does not take effect

Posted by GitBox <gi...@apache.org>.

spacewander closed issue #6896: bug: mtls does not take effect
URL: https://github.com/apache/apisix/issues/6896


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] soulbird commented on issue #6896: bug: mtls does not take effect

Posted by GitBox <gi...@apache.org>.

soulbird commented on issue #6896:
URL: https://github.com/apache/apisix/issues/6896#issuecomment-1104968841

   Could you update to version 2.13 and try again？


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org