github/zot

Fork 0

mirror of https://github.com/project-zot/zot.git synced 2026-06-18 05:28:07 +08:00

Commit Graph

Author	SHA1	Message	Date
Andrei Aaron	4ad3fad3bc	fix: do not reject requests having an Authorization header if basic auth is disabled (#3673 ) See https://github.com/project-zot/zot/issues/3662 Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>	2025-12-23 11:30:22 +02:00
Andrei Aaron	79439bbf63	feat: add configurable mTLS identity extraction with fallback chain (#3640 ) Add support for configurable identity attributes in mTLS authentication, allowing identity extraction from CommonName, Subject DN, Email SAN, URI SAN, or DNSName SAN with fallback chain support. Includes regex pattern matching for URI SANs (e.g., SPIFFE workload IDs). - Add MTLSConfig with identity attributes, URISANPattern, and index fields - Implement extractMTLSIdentity with fallback chain logic - Move the mtls tests in the api package to pkg/api/mtls_test.go Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>	2025-12-18 09:10:47 -08:00

Author

SHA1

Message

Date

Andrei Aaron

4ad3fad3bc

fix: do not reject requests having an Authorization header if basic auth is disabled (#3673 )

See https://github.com/project-zot/zot/issues/3662

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

2025-12-23 11:30:22 +02:00

Andrei Aaron

79439bbf63

feat: add configurable mTLS identity extraction with fallback chain (#3640 )

Add support for configurable identity attributes in mTLS authentication,
allowing identity extraction from CommonName, Subject DN, Email SAN,
URI SAN, or DNSName SAN with fallback chain support. Includes regex
pattern matching for URI SANs (e.g., SPIFFE workload IDs).

- Add MTLSConfig with identity attributes, URISANPattern, and index fields
- Implement extractMTLSIdentity with fallback chain logic
- Move the mtls tests in the api package to pkg/api/mtls_test.go

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

2025-12-18 09:10:47 -08:00

2 Commits