Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[tls] Add an extension point for TLS handshaker behavior. (#12658)

Browse Source 
Additional Description: This PR necessitated decoupling SslHandshakerImpl from ContextConfig a bit. We now pass an int representing the index of the extended_info struct rather than the ContextConfig.

This PR moves SslHandshakerImpl to its own build target, moves SslHandshaker construction into the ContextConfig, and adds a HandshakerFactoryContext and HandshakerFactory for modifying the ContextConfig's behavior when constructing a Handshaker. This PR also adds a control (requireCertificates) to turn off the release asserts that a context must have certificates.

This PR builds off work in https://github.com/envoyproxy/envoy/pull/12571 and refines work done (and abandoned) in https://github.com/envoyproxy/envoy/pull/12075/. For more discussion please see the comments section of https://github.com/envoyproxy/envoy/pull/12075/.

Risk Level: Low. This PR does not modify existing handshaking behavior, it just adds an extension point for modifying it.
Testing: A representative alternative implementation was added under :handshaker_test.
Docs Changes: N/a
Release Notes: N/a

Signed-off-by: James Buckland <jbuckland@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 7d6e7a4e559bdf0346687f7f404412e2412ea6fb
master-ci-test
data-plane-api(CircleCI) 4 years ago
parent 30115e81d6
commit 732109cd35
2 changed files with 10 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      envoy/extensions/transport_sockets/tls/v3/tls.proto
  2. 6
      envoy/extensions/transport_sockets/tls/v4alpha/tls.proto

6
envoy/extensions/transport_sockets/tls/v3/tls.proto
Unescape View File

@ -99,7 +99,7 @@ message DownstreamTlsContext {
} }
// TLS context shared by both client and server TLS contexts. // TLS context shared by both client and server TLS contexts.
// [#next-free-field: 13] // [#next-free-field: 14]
message CommonTlsContext { message CommonTlsContext {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CommonTlsContext"; option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CommonTlsContext";
@ -238,4 +238,8 @@ message CommonTlsContext {
// //
// There is no default for this parameter. If empty, Envoy will not expose ALPN. // There is no default for this parameter. If empty, Envoy will not expose ALPN.
repeated string alpn_protocols = 4; repeated string alpn_protocols = 4;
// Custom TLS handshaker. If empty, defaults to native TLS handshaking
// behavior.
config.core.v3.TypedExtensionConfig custom_handshaker = 13;
} }

6
envoy/extensions/transport_sockets/tls/v4alpha/tls.proto
Unescape View File

@ -98,7 +98,7 @@ message DownstreamTlsContext {
} }
// TLS context shared by both client and server TLS contexts. // TLS context shared by both client and server TLS contexts.
// [#next-free-field: 13] // [#next-free-field: 14]
message CommonTlsContext { message CommonTlsContext {
option (udpa.annotations.versioning).previous_message_type = option (udpa.annotations.versioning).previous_message_type =
"envoy.extensions.transport_sockets.tls.v3.CommonTlsContext"; "envoy.extensions.transport_sockets.tls.v3.CommonTlsContext";
@ -243,4 +243,8 @@ message CommonTlsContext {
// //
// There is no default for this parameter. If empty, Envoy will not expose ALPN. // There is no default for this parameter. If empty, Envoy will not expose ALPN.
repeated string alpn_protocols = 4; repeated string alpn_protocols = 4;
// Custom TLS handshaker. If empty, defaults to native TLS handshaking
// behavior.
config.core.v4alpha.TypedExtensionConfig custom_handshaker = 13;
} }

Write Preview
Loading…
Cancel
Save