Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-11944

Server certificate is never verified in API request for https backend via proxy

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 2.14.4 GA, 2.15.4 GA
    • Apicast Operator
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Important

      In the following environment,

      Web API --(https)--> APIcast --(https)--> Squid --(https)-→ APIbackend(external)

      when proxy is set by Proxy Service policy, API request always works against https backend even if :

      • in APImanager CR, set openSSLVerify: true
      spec:
  apicast:
    openSSLVerify: true
    ...
      • in upstream mTLS policy , set _ verify: true _with invalid ca_certificates

      When invalid ca_ctificates is set in upstream mTLS policy, API request fails if proxy is not used, but it works if proxy is used.

              Unassigned Unassigned
              rhn-support-hmiura Hiroko Miura
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: