[tls_validation] Return early if no client certificate is presented

3scale · Aug 26, 2024 · 8f93e40 · 8f93e40
1 parent 8f0973d
commit 8f93e40
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/gateway/src/apicast/policy/tls_validation/tls_validation.lua b/gateway/src/apicast/policy/tls_validation/tls_validation.lua
@@ -60,6 +60,11 @@ end
 
 function _M:access()
   local cert = X509.parse_pem_cert(ngx.var.ssl_client_raw_cert)
+  if not cert then
+    ngx.status = self.error_status
+    ngx.say("No required SSL certificate was sent")
+    return ngx.exit(ngx.status)
+  end
   local store = self.x509_store
 
   local ok, err = store:validate_cert(cert)

diff --git a/t/apicast-policy-tls_validation.t b/t/apicast-policy-tls_validation.t
@@ -154,7 +154,7 @@ proxy_pass https://$server_addr:$apicast_port/t;
 proxy_set_header Host test;
 log_by_lua_block { collectgarbage() }
 --- response_body
-Invalid certificate verification context
+No required SSL certificate was sent
 --- error_code: 400
 --- no_error_log
 [error]