Will lua tcpsocksslhandshake be able to support mtls?

[jeremyjpj0916]

https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake

Refers to enabling the tcp client being able to validate or ignore TLS validation with a truststore via:
https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate
https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth

Is there any roadmap or potential to also support enabling the client to pass its public certificate to support mutual authentication?

[jeremyjpj0916]

Oh looks like pending PR here: #997 , but its been ongoing since 2017 and not gotten much love lately </3 .

[EnricoMazzu]

Hello,

any news on this topic?

[zhuizhuhaomeng]

does mtls have any feature that is lacking in OpenSSL?

[dndx]

@zhuizhuhaomeng @EnricoMazzu In Kong we have been using:

#1602
openresty/lua-resty-core#278

within our OpenResty build for more than a year in order to have cosocket mTLS support. You can give it a try by patching the changes onto the OpenResty source and build it yourself.