'Spring Cloud Gateway : client certificate hostname validation

Does someone know how to turn on client certificate hostname verification in Spring Cloud Gateway?

I know that Netty 4.* by default doesn't verify client certificate's hostname (https://github.com/netty/netty/issues/10362). I'm able to tweak configuration and enable the host verification.

However, created SSLEngine doesn't have peer hostname (value is always set to null), thus verification fails. Looks like reactor-netty's SSL Provider is always bootstrapped in a way to skip peer host.

Anyone lucky enough to have that working?

spring-cloud-gatewayreactor-netty


Solution 1:[1]

Reactor Netty (and respectively Spring Cloud Gateway) enables this by default https://github.com/netty/netty/issues/8537#issuecomment-820928044

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Violeta Georgieva

Related Questions

Spring Cloud Gateway with Eureka discovery enable CORS policies

Spring Cloud Gateway - How To Modify Response Body In Post Filter

spring-could-gateway: reactor.netty.channel.AbortedException: Connection has been closed BEFORE send operation

Gateway-service. 500 Server Error for HTTP GET "/"

Spring Cloud Gateway - modify response body in global Post filter

Extract WebClient GET response values within a Spring Cloud Gateway filter

Spring Cloud Gateway - custom 404 error message when route is not found

Cannot access api-docs of microservice from spring cloud gateway. Failed to load API definition

Spring Cloud Gateway with Swagger 3 issue

ServerHttpSecurity authorizeExchange PermitAll Not Working

Multiple ProxyExchangeArgumentResolver Beans

WebClient max header size

How to configure child group using NettyServerCustomizer?

How to make sure rector netty http client create fix connection to http server

spring-could-gateway: reactor.netty.channel.AbortedException: Connection has been closed BEFORE send operation