Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

tls: allow multiple client certificates. (#163)

Browse Source 
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
pull/167/head
Piotr Sikora 7 years ago committed by Matt Klein
parent 4485ddd00e
commit b9e89d760d
1 changed files with 10 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      api/tls_context.proto

23
api/tls_context.proto
Unescape View File

@ -72,29 +72,30 @@ message CommonTlsContext {
// TLS protocol versions, cipher suites etc.
TlsParameters tls_params = 1;
// Protocols to negotiate over ALPN
repeated string alpn_protocols = 2;
// Multiple TLS certificates can be associated with the same context,
// e.g. to allow both RSA and ECDSA certificates [V2-API-DIFF].
repeated TlsCertificate tls_certificates = 2;
// How to validate peer certificates.
CertificateValidationContext validation_context = 3;
// Protocols to negotiate over ALPN
repeated string alpn_protocols = 4;
// These fields are deprecated and only are used during the interim v1 -> v2
// transition period for internal purposes. They should not be used outside of
// the Envoy binary.
message DeprecatedV1 {
string alt_alpn_protocols = 1;
}
DeprecatedV1 deprecated_v1 = 4;
DeprecatedV1 deprecated_v1 = 5;
}
message UpstreamTlsContext {
CommonTlsContext common_tls_context = 1;
// Client certificate to present to backend.
TlsCertificate client_certificate = 2;
// SNI string to use when creating TLS backend connections.
string sni = 3;
string sni = 2;
}
// [V2-API-DIFF] This has been reworked to support alternative modes of
@ -103,14 +104,10 @@ message UpstreamTlsContext {
message DownstreamTlsContext {
CommonTlsContext common_tls_context = 1;
// Multiple TLS certificates can be associated with the same context, e.g. to
// allow both RSA and ECDSA certificates for the same SNI [V2-API-DIFF].
repeated TlsCertificate tls_certificates = 2;
// If specified, Envoy will reject connections without a valid client
// certificate.
google.protobuf.BoolValue require_client_certificate = 3;
google.protobuf.BoolValue require_client_certificate = 2;
// If specified, Envoy will reject connections without a valid and matching SNI.
google.protobuf.BoolValue require_sni = 4;
google.protobuf.BoolValue require_sni = 3;
}

Write Preview
Loading…
Cancel
Save