Add possibility to specify additional credential source in sanssh to select client cert for mTLS at Proxy level#608
Open
sfc-gh-mjankowski wants to merge 1 commit intomainfrom
Conversation
sfc-gh-mjankowski
changed the title
sfc-gh-mjankowski
force-pushed
the
mjankowski-additional-cred-loader-options
branch
from
9468816 to
28e10b3
Compare
sfc-gh-mjankowski
changed the title
sfc-gh-mjankowski
force-pushed
the
mjankowski-additional-cred-loader-options
branch
3 times, most recently
from
d572256 to
23f268b
Compare
sfc-gh-mjankowski
changed the title
sfc-gh-mjankowski
force-pushed
the
mjankowski-additional-cred-loader-options
branch
4 times, most recently
from
5bcffcb to
a33d359
Compare
…select client cert for mTLS at Proxy level
sfc-gh-mjankowski
force-pushed
the
mjankowski-additional-cred-loader-options
branch
from
a33d359 to
95890d8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Named dialer support for proxy→target credential selection
Adds
force_credentialfield toStartStreamand named dialer infrastructure to the proxy server, allowing clients to request a specific client certificate for the proxy→target mTLS connection.Why
The proxy previously used a single credential for all backend connections. Some target services require a distinct mTLS identity. This change lets operators register multiple credential sources on the proxy and lets clients select one per stream.