> On Sep 13, 2015, at 12:02 PM, Vishwas Manral <vishwas.ietf@gmail.com> wrote:
>
> Hi ATS-Gurus,
>
> We are looking at some optional mechanism for ATS to verify the client. Is there a mechanism
> in ATS that exists for the same?
You need to set proxy.config.ssl.client.certification_level=1 to have ATS optionally verify
the client's TLS certificate. This is a global setting.
https://trafficserver.readthedocs.org/en/latest/reference/configuration/records.config.en.html#proxy-config-ssl-client-certification-level
As Sudheer mentioned, you can then use the sslheaders plugin to propagate information from
the client's TLS certificate to downstream consumers.
> We think client certificates or even OAUTH based mechanisms could help with the same.
OAuth can be implemented as a Traffic Server plugin, though I'm not aware of any open source
implementations.
J
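
The two settings discussed in this reply, written out as a configuration fragment. This is an added example, not part of the original message or of the Traffic Server project's own files; the CA path, the CA filename and the header names on the left of each `=` are assumptions chosen for illustration.

```text
# records.config (constructed fragment; CA path and filename are placeholders)
# certification_level: 0 = no client certificate requested
#                      1 = client certificate requested but optional
#                      2 = client certificate required
CONFIG proxy.config.ssl.client.certification_level INT 1
# CA bundle that presented client certificates are verified against
CONFIG proxy.config.ssl.CA.cert.path STRING /etc/trafficserver/ssl
CONFIG proxy.config.ssl.CA.cert.filename STRING client-ca.pem

# plugin.config: copy fields of the client certificate into request headers
# for downstream consumers (header names here are chosen for this example)
sslheaders.so SSL-Client-ID=client.subject SSL-Client-Issuer=client.issuer SSL-Client-NotAfter=client.notafter
```

Because level 1 makes the certificate optional, a request can arrive from a client that presented none, so a downstream service should treat a missing or empty header as an unauthenticated client.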