kong.client.tls

    Requests client to present its client-side certificate to initiate mutual TLS authentication between server and client.

    This function only requests, but does not require the client to start the mTLS process. Even if the client did not present a client certificate the TLS handshake will still complete (obviously not being mTLS in that case). Whether the client honored the request can be determined using get_full_client_certificate_chain in later phases.

    Phases

    • certificate

    Returns

    1. true if request was received, nil if request failed

    2. nil|err nil if success, or error message if failure

    Usage

    Back to top

    Prevents the TLS session for the current connection from being reused by disabling session ticket and session ID for the current TLS connection.

    • certificate

    Returns

    1. nil|err nil if success, or error message if failure

    Usage

    Returns the PEM encoded downstream client certificate chain with the client certificate at the top and intermediate certificates (if any) at the bottom.

    Phases

    • rewrite, access, balancer, header_filter, body_filter, log

    Returns

    1. PEM-encoded client certificate if mTLS handshake was completed, nil if an error occurred or client did not present its certificate

    Usage

    Back to top

    Overrides client verify result generated by the log serializer.

    By default, the field inside the log generated by Kong’s log serializer is the same as the Nginx variable.

    Only “SUCCESS”, “NONE” or “FAILED:” are accepted values.

    This function does not return anything on success, and throws an Lua error in case of failures.

    Phases

    Usage

    Back to top