Additional Description: This PR necessitated decoupling SslHandshakerImpl from ContextConfig a bit. We now pass an int representing the index of the extended_info struct rather than the ContextConfig.
This PR moves SslHandshakerImpl to its own build target, moves SslHandshaker construction into the ContextConfig, and adds a HandshakerFactoryContext and HandshakerFactory for modifying the ContextConfig's behavior when constructing a Handshaker. This PR also adds a control (requireCertificates) to turn off the release asserts that a context must have certificates.
This PR builds off work in https://github.com/envoyproxy/envoy/pull/12571 and refines work done (and abandoned) in https://github.com/envoyproxy/envoy/pull/12075/. For more discussion please see the comments section of https://github.com/envoyproxy/envoy/pull/12075/.
Risk Level: Low. This PR does not modify existing handshaking behavior, it just adds an extension point for modifying it.
Testing: A representative alternative implementation was added under :handshaker_test.
Docs Changes: N/a
Release Notes: N/a
Signed-off-by: James Buckland <jbuckland@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7d6e7a4e559bdf0346687f7f404412e2412ea6fb
This is necessary to provide TLS transport socket docs and to be able to have the TLS transport
socket added to the threat model docs (via its security_posture tag).
I did both v2/v3, since this is not technically a change to v2, justa file re-org, and the shadowing
machinery prefers file consistency across versions.
Risk level: Low (refactoring)
Testing: Docs generation and manual inspection.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ab32f5fd01ca8b23ee16dcffb55b1276e55bf1fa
data-plane-api(CircleCI)