'trusted_ca_cert_file' field is deprecated - what code to write instead?

Meri · October 22, 2024, 6:00pm

I have this code:

:8080 {
	tls /etc/certs/server.crt /etc/certs/server.key {
		client_auth {
			mode require_and_verify
			trusted_ca_cert_file /etc/certs/ca.crt
		}
	}
}

which gives a deprecation warning:

"The 'trusted_ca_cert_file' field is deprecated. Use the 'trust_pool' field instead."

I’ve consulted the documentation
which says I need to specify trust_pool <module>
but it doesn’t really make sense to me.

Can you give an example?

francislavoie · October 22, 2024, 7:55pm

Did you read the docs?

Meri · October 22, 2024, 8:07pm

It wasn’t making sense to me, but I got it now:

tls /etc/certs/server.crt /etc/certs/server.key {
  client_auth {
    trust_pool file /etc/certs/ca.crt
  }
}

reverse_proxy {
  transport http {
    tls_trust_pool file /etc/certs/ca.crt
  }
}

system · November 21, 2024, 8:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.