From bdbf356e5532a1cf8ebf5e9724a72a54348a2229 Mon Sep 17 00:00:00 2001 From: Mathieu Ancelin Date: Mon, 28 Aug 2023 13:35:04 +0200 Subject: [PATCH] fix #1691 --- otoroshi/app/netty/config.scala | 6 +++++- otoroshi/build.sbt | 1 + otoroshi/conf/application.conf | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/otoroshi/app/netty/config.scala b/otoroshi/app/netty/config.scala index a7e30c2b8c..b79c0fe66f 100644 --- a/otoroshi/app/netty/config.scala +++ b/otoroshi/app/netty/config.scala @@ -100,7 +100,11 @@ object ReactorNettyServerConfig { .filterNot(_.isEmpty), clientAuth = { val auth = env.configuration - .getOptionalWithFileSupport[String]("otoroshi.ssl.fromOutside.clientAuth") + .getOptionalWithFileSupport[String]("otoroshi.ssl.fromOutside.netty.clientAuth") + .orElse( + env.configuration + .getOptionalWithFileSupport[String]("otoroshi.ssl.fromOutside.clientAuth") + ) .flatMap(ClientAuth.apply) .getOrElse(ClientAuth.None) if (DynamicSSLEngineProvider.logger.isDebugEnabled) diff --git a/otoroshi/build.sbt b/otoroshi/build.sbt index 757ff4517a..2af6048dad 100644 --- a/otoroshi/build.sbt +++ b/otoroshi/build.sbt @@ -335,6 +335,7 @@ reStart / javaOptions ++= Seq( "-Dotoroshi.instance.name=dev", "-Dotoroshi.vaults.enabled=true", "-Dotoroshi.ssl.fromOutside.clientAuth=Want", + //"-Dotoroshi.ssl.fromOutside.clientAuth=Need", "-Dotoroshi.inmemory.modern=true", "-Dotoroshi.wasm.cache.ttl=2000", "-Dotoroshi.next.experimental.netty-server.enabled=true", diff --git a/otoroshi/conf/application.conf b/otoroshi/conf/application.conf index 20506585d4..d68c061d8f 100644 --- a/otoroshi/conf/application.conf +++ b/otoroshi/conf/application.conf @@ -1181,6 +1181,9 @@ otoroshi { clientAuth = "None" clientAuth = ${?SSL_OUTSIDE_CLIENT_AUTH} clientAuth = ${?OTOROSHI_SSL_OUTSIDE_CLIENT_AUTH} + netty { + clientAuth = ${?OTOROSHI_SSL_OUTSIDE_NETTY_CLIENT_AUTH} + } } # the default trust mode trust {