You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/06/09 02:44:14 UTC
[GitHub] [apisix] tokers opened a new issue, #7214: feat: As a user, I want to see a more straightforward response when the client certificate is missing
tokers opened a new issue, #7214:
URL: https://github.com/apache/apisix/issues/7214
### Description
The current response that Apache APISIX returns when the client doesn't provide its certificate (but APISIX requires it) is:
```
HTTP/2 400
date: Thu, 09 Jun 2022 02:29:01 GMT
content-type: text/html; charset=utf-8
content-length: 154
server: APISIX/2.13.1
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>openresty</center>
</body>
</html>
```
The response body doesn't show the fundamental reason. Maybe we can change it to: "missing client certificate".
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #7214: feat: As a user, I want to see a more straightforward response when the client certificate is missing
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #7214:
URL: https://github.com/apache/apisix/issues/7214#issuecomment-1150712842
The latest version of APISIX will reject this client during handshake, so there won't be any HTML response but a `certificate verify failed` error in the error log.
https://github.com/apache/apisix/blob/1b0c182ea007acccaabda3c13d7f4102da3944d9/t/node/client-mtls.t#L306
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander closed issue #7214: feat: As a user, I want to see a more straightforward response when the client certificate is missing
Posted by GitBox <gi...@apache.org>.
spacewander closed issue #7214: feat: As a user, I want to see a more straightforward response when the client certificate is missing
URL: https://github.com/apache/apisix/issues/7214
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org