23 lines
798 B
Markdown
23 lines
798 B
Markdown
Enhance TLS listener to support more flexible TLS verifications.
|
|
|
|
- partial_chain support
|
|
|
|
If the option `partial_chain` is set to `true`, allow connections with incomplete certificate chains.
|
|
|
|
Check the configuration manual document for more details.
|
|
|
|
- Certificate KeyUsage Validation
|
|
|
|
Added support for required Extended Key Usage defined in
|
|
[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).
|
|
|
|
Introduced a new option (`verify_peer_ext_key_usage`) to require specific key usages (like "serverAuth")
|
|
in peer certificates during the TLS handshake.
|
|
This strengthens security by ensuring certificates are used for their intended purposes.
|
|
|
|
example:
|
|
"serverAuth,OID:1.3.6.1.5.5.7.3.2"
|
|
|
|
Check the configuration manual document for more details.
|
|
|