diff --git a/envoy/api/v2/auth/cert.proto b/envoy/api/v2/auth/cert.proto index a460ae1d..090de7b9 100644 --- a/envoy/api/v2/auth/cert.proto +++ b/envoy/api/v2/auth/cert.proto @@ -227,8 +227,8 @@ message CommonTlsContext { // TLS protocol versions, cipher suites etc. TlsParameters tls_params = 1; - // Multiple TLS certificates can be associated with the same context. - // E.g. to allow both RSA and ECDSA certificates, two TLS certificates can be configured. + // :ref:`Multiple TLS certificates ` can be associated with the + // same context to allow both RSA and ECDSA certificates. // // Only a single TLS certificate is supported in client contexts. In server contexts, the first // RSA certificate is used for clients that only support RSA and the first ECDSA certificate is @@ -236,7 +236,8 @@ message CommonTlsContext { repeated TlsCertificate tls_certificates = 2; // Configs for fetching TLS certificates via SDS API. - repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6; + repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6 + [(validate.rules).repeated .max_items = 1]; message CombinedCertificateValidationContext { // How to validate peer certificates.