router: allow overridding SAN from host/authority (#9863)

Signed-off-by: Lizan Zhou <lizan@tetrate.io> Mirrored from https://github.com/envoyproxy/envoy @ 210915157ebf74817ff7437a2d6aeed4021c84b2
5 years ago · c24c5dd23f
parent 4e6b248c86
commit c24c5dd23f
2 changed files with 12 additions and 0 deletions
--- a/envoy/api/v2/core/protocol.proto
+++ b/envoy/api/v2/core/protocol.proto
@ -24,6 +24,12 @@ message UpstreamHttpProtocolOptions {
  // upstream connections based on the downstream HTTP host/authority header, as seen by the
  // :ref:`router filter <config_http_filters_router>`.
  bool auto_sni = 1;
+
+  // Automatic validate upstream presented certificate for new upstream connections based on the
+  // downstream HTTP host/authority header, as seen by the
+  // :ref:`router filter <config_http_filters_router>`.
+  // This field is intended to set with `auto_sni` field.
+  bool auto_san_validation = 2;
 }

 message HttpProtocolOptions {
--- a/envoy/config/core/v3/protocol.proto
+++ b/envoy/config/core/v3/protocol.proto
@ -29,6 +29,12 @@ message UpstreamHttpProtocolOptions {
  // upstream connections based on the downstream HTTP host/authority header, as seen by the
  // :ref:`router filter <config_http_filters_router>`.
  bool auto_sni = 1;
+
+  // Automatic validate upstream presented certificate for new upstream connections based on the
+  // downstream HTTP host/authority header, as seen by the
+  // :ref:`router filter <config_http_filters_router>`.
+  // This field is intended to set with `auto_sni` field.
+  bool auto_san_validation = 2;
 }

 message HttpProtocolOptions {