From d62ca6f70ce8eeef9f6f2eefd72ca185ee6930b7 Mon Sep 17 00:00:00 2001 From: Valery Piashchynski Date: Thu, 19 May 2022 11:01:50 +0200 Subject: update .rr.yaml and schema Signed-off-by: Valery Piashchynski --- .rr.yaml | 7 ++++++- schemas/config/2.0.schema.json | 12 ++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.rr.yaml b/.rr.yaml index b6c84119..d797e4ce 100644 --- a/.rr.yaml +++ b/.rr.yaml @@ -800,9 +800,14 @@ http: # Path to the root certificate authority file. # - # This option is optional. + # This option is optional (required for the mTLS). root_ca: /ssl/root.crt + # Client auth type (mTLS) + # + # This option is optional. Default value: no_client_certs. Possible values: request_client_cert, require_any_client_cert, verify_client_cert_if_given, require_and_verify_client_cert, no_client_certs + client_auth_type: no_client_certs + # FastCGI frontend support. fcgi: # FastCGI connection DSN. Supported TCP and Unix sockets. An empty value disables this. diff --git a/schemas/config/2.0.schema.json b/schemas/config/2.0.schema.json index 7c08c392..63f94ab3 100644 --- a/schemas/config/2.0.schema.json +++ b/schemas/config/2.0.schema.json @@ -692,6 +692,18 @@ "examples": [ "/ssl/root.crt" ] + }, + "client_auth_type": { + "description": "Client auth type", + "type": "string", + "default": "no_client_certs", + "enum": [ + "request_client_cert", + "require_any_client_cert", + "verify_client_cert_if_given", + "no_client_certs", + "require_and_verify_client_cert" + ] } }, "required": [ -- cgit v1.2.3