laz-xyr commented on issue #12641: URL: https://github.com/apache/apisix/issues/12641#issuecomment-3707763955
> This is a feature-request issue, not a bug. APISIX's health check module was not designed with mTLS in mind:
>
> 1. Schema level: The health check configuration lacks client certificate-related configuration fields.
> 2. Implementation level: The `create_checker` function in `healthcheck_manager.lua` does not read and pass the upstream mTLS certificate configuration to the underlying `resty.healthcheck` library.
>
> The underlying library already has full mTLS capabilities; however, APISIX does not read the upstream TLS configuration and pass the ssl_cert and ssl_key parameters when calling healthcheck.new

I only installed the resty.healthcheck library on OpenResty, and the result of mTLS is working. But I manually modified create_checker and passed the upstream mTLS certificate configuration to the underlying resty.healthcheck library. The result is still the same problem. It's probably that ngx.socket.tcp() has been patched by APISIX. I found a piece of code. I'm not sure if it's due to this. Further testing is needed.

https://github.com/apache/apisix/blob/b4c1527035f020b06e6198131e2dd94ef42dc144/apisix/patch.lua#L267-L330
