Release date 2024/05/28
Feature
-
Add
default_consumer
option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.
Release date 2024/05/28
Add default_consumer
option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.
Release date 2024/05/14
Add default_consumer
option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.
Release date 2024/02/12
Mtls-auth print notice log if revocation check fails with revocation_check_mode = IGNORE_CA_ERROR
Release date 2024/05/20
Add default_consumer
option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.
Release date 2023/11/08
mtls-auth should not cache the network failure when doing revocation check
Release date 2024/12/17
Fixed an issue where a 500 error occurs when the configuration changes with the mTLS plugin enabled.
Release date 2024/03/21
Add default_consumer
option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.
Release date 2023/09/28
mtls-auth should not cache the network failure when doing revocation check
Release date 2023/08/09
Fixed several revocation verification issues:
revocation_check_mode=IGNORE_CA_ERROR
, then the CRL revocation failure will be ignored.no issuer certificate in chain
error if the client only sent a leaf certificate.http_timeout
wasn’t correctly set.If revocation_check_mode=IGNORE_CA_ERROR
, then the CRL revocation failure will be ignored.
Once a CRL is added into the store, it will always do CRL revocation check with this CRL file.
OCSP verification failed with no issuer certificate in chain
error if the client only sent a leaf certificate.
http_timeout
wasn’t correctly set.
Optimized CRL revocation verification.
Fixed an issue that would cause an unexpected error when skip_consumer_lookup
is enabled and authenticated_group_by
is set to null
.
Release date 2023/10/12
Fixed an issue that caused the plugin to cache network failures when running certificate revocation checks.
Release date 2023/01/24
Fixed an issue where the plugin used the old route caches after routes were updated.
Release date 2022/12/06
The anonymous
field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.
Added the config.send_ca_dn
configuration parameter to support sending CA DNs in the CertificateRequest
message during SSL handshakes.
Added the allow_partial_chain
configuration parameter to allow certificate verification with only an intermediate certificate.
Release date 2022/09/09
Introduced certificate revocation list (CRL) and OCSP server support with the following parameters: http_proxy_host
, http_proxy_port
, https_proxy_host
, and https_proxy_port
.
Updated the priority for some plugins.: mtls-auth
changed from 1006
to 1600
Release date 2023/11/28
mtls-auth should not cache the network failure when doing revocation check
Release date 2023/03/28
Fixed an issue where the plugin used the old route caches after routes were updated.
Release date 2022/11/21
Fixed an issue where the plugin was causing requests to silently fail on Kong Gateway data planes.