tls: plumbing for multiple TLS certificate ingestion. (#5095)

This PR starts to plumb multiple TLS certs from the proto level into the SSL context. We stop short
of enabling multiple TLS certificates, but instead have sufficient mechanism and interface changes
to propagate them to the SSL context. Future PRs will extend this with the SSL context
implementation.

Risk Level: Low
Testing: bazel test //test/...

Part of #1319.

Signed-off-by: Harvey Tuch <htuch@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 9d1d959c5e8fc8e02754ea28e6cba9f7b1e3d1fc
pull/620/head
data-plane-api(CircleCI) 6 years ago
parent be02370dc5
commit 333c95e5c0
  1. 9
      envoy/api/v2/auth/cert.proto

@ -229,11 +229,10 @@ message CommonTlsContext {
// Multiple TLS certificates can be associated with the same context.
// E.g. to allow both RSA and ECDSA certificates, two TLS certificates can be configured.
//
// .. attention::
//
// Although this is a list, currently only a single certificate is supported. This will be
// relaxed in the future.
repeated TlsCertificate tls_certificates = 2 [(validate.rules).repeated .max_items = 1];
// Only a single TLS certificate is supported in client contexts. In server contexts, the first
// RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
// used for clients that support ECDSA.
repeated TlsCertificate tls_certificates = 2;
// Configs for fetching TLS certificates via SDS API.
repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6;

Loading…
Cancel
Save