Skip to content

Further secure TLS communications #96

Description

@saroshali-dbx

Currently when using TLS, the servers will accept requests from any client that has a certificate signed by the specified Certificate Authority. As such, I'd like to see custom server certificate validation supported. This will help enforce deny-by-default.

I'd like to be able to pass a flag, such as -cert-allowed-cn, that can be used to create a custom VerifyPeerCertificate (part of the crypto/tls package) and can be passed as a callback directly to the tls config. All this function needs to do is verify that the seen common-name is the same as the expected common-name.

Willing to submit a PR if the maintainers think this is a good idea. Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions