kore-doc

The kore documentation found under https://docs.kore.io/
git clone https://git.kore.io/kore-doc.git

commit 7169f55ac28e24dc24f8f45cdfcc87b262f163d3
parent 794568f15551270dbee810c3bebb74423ddf7480
Author: Joris Vink <joris@coders.se>
Date:   Tue,  2 Feb 2021 10:42:10 +0100

Add client authentication

Diffstat:
SUMMARY.md | 1+
applications/clientauth.md | 42++++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/SUMMARY.md b/SUMMARY.md @@ -11,6 +11,7 @@ * [Routes](applications/routes.md) * [Filemaps](applications/filemap.md) * [Automatic HTTPs](applications/acme.md) + * [Client authentication](applications/clientauth.md) * [API](api/README.md) * [Buffers](api/buffers.md) * [Curl](api/curl.md) diff --git a/applications/clientauth.md b/applications/clientauth.md @@ -0,0 +1,42 @@ +# Client Authentication + +Kore supports client authentication if turned on for a given domain. + +If turned on Kore will request an X509 certificate from the client +and verify it against the configured list of trusted certificate authorities. + +## Enabling client authentication (via config) + +In order to turn on client authentication add the **client_verify** and +**client_verify_depth** configuration directives to the domain you wish +to enable it on. + +``` +domain needsauth.example.com { + certfile cert/example.com/server.pem + certkey cert/example.com/key.pem + + # Bundle of trusted certificate authorities and an optional CRL + client_verify cert/cabundle.pem cert/crloptional.pem + + # The verification depth + client_verify_depth 1 +} +``` + +## Enabling client authentication (via Python API) + +You can enable client authentication via the Python API as well by +passing the **client_verify** and **verify_depth** keyword to the domain setup. + +``` +dom = kore.domain("needsauth.example.com", + attach="server", + cert="cert/example.com/server.pem", + key="cert/example.com/key.pem", + client_verify="cert/cabundle.pem", + verify_depth=1 +) +``` + +You currently cannot set CRLs via the Python API.
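Review bot: In applications/clientauth.md the introduction stops at "verify it against the configured list of trusted certificate authorities" and never states what happens when the client presents no certificate or one that fails verification, so a reader cannot tell from this page whether enabling client_verify makes the certificate mandatory. Suggest adding a sentence there that spells out the outcome for both cases. Three smaller points in the same hunk: the config comment "# The verification depth" does not explain what the value 1 permits, which matters to anyone whose client certificates are issued by an intermediate CA; the option is named client_verify_depth in the config but verify_depth in the Python API, and the sentence "passing the **client_verify** and **verify_depth** keyword" should read "keywords" and could call out the naming difference; and the closing line "You currently cannot set CRLs via the Python API." would be more visible placed before the Python example, since the config example directly above shows a CRL being passed and a reader porting it to Python would otherwise lose revocation checking without noticing.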