api: update doc to clarify match_subject_alt_names is optional and fix a typo (#13696)

The comment in v3 version was missing the "If specified.." clause from the v2 version of that comment Risk Level: low Testing: Ran ./ci/run_envoy_docker.sh './ci/do_ci.sh fix_format' Docs Changes: comment in a proto file changed Signed-off-by: Sanjay Pujare <sanjaypujare@google.com> Mirrored from https://github.com/envoyproxy/envoy @ f8e453fb43d5545730ddc90e10da541154d690b6
4 years ago · b681b63133
parent 2ef60cb3c5
commit b681b63133
2 changed files with 4 additions and 4 deletions
--- a/envoy/extensions/transport_sockets/tls/v3/common.proto
+++ b/envoy/extensions/transport_sockets/tls/v3/common.proto
@ -297,8 +297,8 @@ message CertificateValidationContext {
  repeated string verify_certificate_hash = 2
      [(validate.rules).repeated = {items {string {min_len: 64 max_bytes: 95}}}];

-  // An optional list of Subject Alternative name matchers. Envoy will verify that the
-  // Subject Alternative Name of the presented certificate matches one of the specified matches.
+  // An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the
+  // Subject Alternative Name of the presented certificate matches one of the specified matchers.
  //
  // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be
  // configured with exact match type in the :ref:`string matcher <envoy_api_msg_type.matcher.v3.StringMatcher>`.
--- a/envoy/extensions/transport_sockets/tls/v4alpha/common.proto
+++ b/envoy/extensions/transport_sockets/tls/v4alpha/common.proto
@ -299,8 +299,8 @@ message CertificateValidationContext {
  repeated string verify_certificate_hash = 2
      [(validate.rules).repeated = {items {string {min_len: 64 max_bytes: 95}}}];

-  // An optional list of Subject Alternative name matchers. Envoy will verify that the
-  // Subject Alternative Name of the presented certificate matches one of the specified matches.
+  // An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the
+  // Subject Alternative Name of the presented certificate matches one of the specified matchers.
  //
  // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be
  // configured with exact match type in the :ref:`string matcher <envoy_api_msg_type.matcher.v4alpha.StringMatcher>`.