oatpp-authkit

History

Uwe Schuster bccd57f47e #5 : add IRuntimeConfig::certAuthTrusted() — gate X-SSL-Client-DN trust New virtual hook on IRuntimeConfig, defaulting to isLoopback() so existing consumers keep their current behaviour. AuthInterceptor now consults certAuthTrusted() (instead of isLoopback() directly) to decide whether to honour an inbound X-SSL-Client-DN header. Operators with an SSH tunnel to a loopback bind, or a non-TLS proxy that forwards X-SSL-Client-DN from untrusted clients, can now override the hook to require additional gating (e.g. an env var, a TLS-only port). Bump to 0.3.5 (additive — no consumer break). Closes #5 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-25 21:39:57 +02:00
..
oatpp-authkit	#5 : add IRuntimeConfig::certAuthTrusted() — gate X-SSL-Client-DN trust	2026-04-25 21:39:57 +02:00

Uwe Schuster bccd57f47e #5 : add IRuntimeConfig::certAuthTrusted() — gate X-SSL-Client-DN trust

New virtual hook on IRuntimeConfig, defaulting to isLoopback() so existing
consumers keep their current behaviour. AuthInterceptor now consults
certAuthTrusted() (instead of isLoopback() directly) to decide whether to
honour an inbound X-SSL-Client-DN header.

Operators with an SSH tunnel to a loopback bind, or a non-TLS proxy that
forwards X-SSL-Client-DN from untrusted clients, can now override the
hook to require additional gating (e.g. an env var, a TLS-only port).

Bump to 0.3.5 (additive — no consumer break).

Closes #5

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-25 21:39:57 +02:00

oatpp-authkit

#5 : add IRuntimeConfig::certAuthTrusted() — gate X-SSL-Client-DN trust

2026-04-25 21:39:57 +02:00