Hello folks, I created a PR feat(core) server verification of client certificates by andref5 · Pull Request #7810 · Kong/kong · GitHub for server verification of client certificates, I’m looking for someone to review if this is the kind of functionality/code Kong want.
OpenResty already supports, as we can see this is not a big Kong change. Also, OpenResty does not set “$ssl_verify_client on”, so TLS is not terminated when verification fails and Kong users can examine Nginx variable $ssl_client_verify on plugins later to determine the next steps, adding more options for plugins.