TykTechnologies / tyk / 4521 / 1

DEFAULT BRANCH: master
Ran
Files 94
Run time 4s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 57.385% (+0.2%) from 57.22%
LATEST_GO=true

push

travis-ci

buger 
Added public key pinning feature

Certificate pinning is a feature which allows you to white list public
keys used to generated certificates, so you will be protected in cases
when upstream certificate is compromised.

Using Tyk you can white-list one or multiple public keys per domain.
Wild card domains also supported.

Public keys stored inside Tyk certificate storage, so you can use
Certificate API to manage them.

You can define them globally, using Tyk configuration file and
`security.pinned_public_keys` option, or via API definition
`pinned_public_keys` field, using the following format:
```
{
    “example.com”: “<key-id>”,
    “foo.com”: “/path/to/pub.pem”,
    “*.wild.com”: “<key-id>,<key-id-2>”
}
```

As `key-id` you should set ID returned after you uploaded public key
using Certificate API. Additionally you can just set path to public
key, located on your server. You can specify multiple public keys by
separating their IDs by comma.

Note that only public keys in PEM format are supported.

If public keys are not provided by your upstream, you can extract them
by yourself using following command:
> openssl s_client -connect the.host.name:443 | openssl x509 -pubkey
-noout

If you already have certificate, and just need to get its public key,
you can do it using following command:
> openssl x509 -pubkey -noout -in cert.pem

PS. Upstream certificates now also has wildcard domain support

8532 of 14868 relevant lines covered (57.38%)

0.63 hits per line

Source Files on job 4521.1 (LATEST_GO=true)