address comment and set proxy_ssl_Verify_depth

Kong · Nov 18, 2022 · 80986dc · 80986dc
1 parent 6d1bb04
commit 80986dc
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/kong/conf_loader/init.lua b/kong/conf_loader/init.lua
@@ -1865,7 +1865,7 @@ local function load(path, custom_conf, opts)
   -- hybrid mode HTTP tunneling (CONNECT) proxy inside HTTPS
   if conf.cluster_use_proxy then
     -- throw err, assume it's already handled in check_and_infer
-    local parsed = assert(require("socket.url").parse(conf.proxy_server))
+    local parsed = assert(socket_url.parse(conf.proxy_server))
     if parsed.scheme == "https" then
       conf.cluster_ssl_tunnel = fmt("%s:%s", parsed.host, parsed.port or 443)
     end

diff --git a/kong/templates/nginx.lua b/kong/templates/nginx.lua
@@ -44,6 +44,7 @@ stream {
 > if lua_ssl_trusted_certificate_combined then
         proxy_ssl_trusted_certificate '${{LUA_SSL_TRUSTED_CERTIFICATE_COMBINED}}';
 > end
+        proxy_ssl_verify_depth 5; # 5 should be sufficient
 > else
         proxy_ssl_verify off;
 > end

diff --git a/spec/fixtures/custom_nginx.template b/spec/fixtures/custom_nginx.template
@@ -981,6 +981,7 @@ server {
 > if lua_ssl_trusted_certificate_combined then
         proxy_ssl_trusted_certificate '${{LUA_SSL_TRUSTED_CERTIFICATE_COMBINED}}';
 > end
+        proxy_ssl_verify_depth 5; # 5 should be sufficient
 > else
         proxy_ssl_verify off;
 > end