ssl

package
v1.18.0-rc4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// SslConfig_OcspStaplePolicy_name maps each OCSP staple policy number to its
// protobuf enum name. Number 0 (the Go zero value of the enum) is
// LENIENT_STAPLING, the most permissive of the three policies.
var SslConfig_OcspStaplePolicy_name = map[int32]string{
	0: "LENIENT_STAPLING",
	1: "STRICT_STAPLING",
	2: "MUST_STAPLE",
}

// SslConfig_OcspStaplePolicy_value is the inverse lookup: protobuf enum name
// to policy number.
var SslConfig_OcspStaplePolicy_value = map[string]int32{
	"LENIENT_STAPLING": 0,
	"STRICT_STAPLING":  1,
	"MUST_STAPLE":      2,
}

Enum value maps for SslConfig_OcspStaplePolicy.

// SslParameters_ProtocolVersion_name maps each protocol version number to its
// protobuf enum name. Number 0 (the Go zero value of the enum) is TLS_AUTO.
// TLSv1_0 and TLSv1_1 remain valid names here; both protocol versions were
// deprecated by RFC 8996, so configurations that select them deserve review.
var SslParameters_ProtocolVersion_name = map[int32]string{
	0: "TLS_AUTO",
	1: "TLSv1_0",
	2: "TLSv1_1",
	3: "TLSv1_2",
	4: "TLSv1_3",
}

// SslParameters_ProtocolVersion_value is the inverse lookup: protobuf enum
// name to protocol version number.
var SslParameters_ProtocolVersion_value = map[string]int32{
	"TLS_AUTO": 0,
	"TLSv1_0":  1,
	"TLSv1_1":  2,
	"TLSv1_2":  3,
	"TLSv1_3":  4,
}

Enum value maps for SslParameters_ProtocolVersion.

// File_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_ssl_proto is a
// package-level protoreflect.FileDescriptor. Judging by its name it describes
// projects/gloo/api/v1/ssl/ssl.proto; this listing does not show where it is
// assigned.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_ssl_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type CallCredentials

// CallCredentials describes where call credentials come from. It is the
// payload of the SDSConfig_CallCredentials oneof wrapper; the only source
// visible in this listing is a file.
type CallCredentials struct {

	// Call credentials are read from a file.
	FileCredentialSource *CallCredentials_FileCredentialSource `protobuf:"bytes,1,opt,name=file_credential_source,json=fileCredentialSource,proto3" json:"file_credential_source,omitempty"`
	// contains filtered or unexported fields
}

func (*CallCredentials) Clone

func (m *CallCredentials) Clone() proto.Message

Clone function

func (*CallCredentials) Descriptor deprecated

func (*CallCredentials) Descriptor() ([]byte, []int)

Deprecated: Use CallCredentials.ProtoReflect.Descriptor instead.

func (*CallCredentials) Equal

func (m *CallCredentials) Equal(that interface{}) bool

Equal function

func (*CallCredentials) GetFileCredentialSource

func (x *CallCredentials) GetFileCredentialSource() *CallCredentials_FileCredentialSource

func (*CallCredentials) Hash deprecated

func (m *CallCredentials) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: the hashing implementation uses field values only. Omitting the field name from the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*CallCredentials) HashUnique added in v1.18.0

func (m *CallCredentials) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique generates a hash of the object, intended to be unique to it, by hashing field name and value pairs. It replaces Hash, whose original implementation used field values only; omitting the field name from the hash calculation can lead to hash collisions. The result is a 64-bit value from the caller-supplied hash.Hash64, so treat it as a change-detection key rather than an integrity check.

func (*CallCredentials) ProtoMessage

func (*CallCredentials) ProtoMessage()

func (*CallCredentials) ProtoReflect

func (x *CallCredentials) ProtoReflect() protoreflect.Message

func (*CallCredentials) Reset

func (x *CallCredentials) Reset()

func (*CallCredentials) String

func (x *CallCredentials) String() string

type CallCredentials_FileCredentialSource

// CallCredentials_FileCredentialSource names a file that holds an auth token
// and the header in which that token is carried.
type CallCredentials_FileCredentialSource struct {

	// File containing auth token.
	// The file's contents are a credential: keep the file readable only by the
	// account the proxy runs as (deployment guidance; nothing in this type
	// enforces it).
	TokenFileName string `protobuf:"bytes,1,opt,name=token_file_name,json=tokenFileName,proto3" json:"token_file_name,omitempty"`
	// Header to carry the token.
	// NOTE(review): presumably a request header on the SDS call; confirm
	// against the consumer of this message.
	Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"`
	// contains filtered or unexported fields
}

func (*CallCredentials_FileCredentialSource) Clone

Clone function

func (*CallCredentials_FileCredentialSource) Descriptor deprecated

func (*CallCredentials_FileCredentialSource) Descriptor() ([]byte, []int)

Deprecated: Use CallCredentials_FileCredentialSource.ProtoReflect.Descriptor instead.

func (*CallCredentials_FileCredentialSource) Equal

func (m *CallCredentials_FileCredentialSource) Equal(that interface{}) bool

Equal function

func (*CallCredentials_FileCredentialSource) GetHeader

func (*CallCredentials_FileCredentialSource) GetTokenFileName

func (x *CallCredentials_FileCredentialSource) GetTokenFileName() string

func (*CallCredentials_FileCredentialSource) Hash deprecated

Hash function

Deprecated: the hashing implementation uses field values only. Omitting the field name from the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*CallCredentials_FileCredentialSource) HashUnique added in v1.18.0

func (m *CallCredentials_FileCredentialSource) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique generates a hash of the object, intended to be unique to it, by hashing field name and value pairs. It replaces Hash, whose original implementation used field values only; omitting the field name from the hash calculation can lead to hash collisions. The result is a 64-bit value from the caller-supplied hash.Hash64, so treat it as a change-detection key rather than an integrity check.

func (*CallCredentials_FileCredentialSource) ProtoMessage

func (*CallCredentials_FileCredentialSource) ProtoMessage()

func (*CallCredentials_FileCredentialSource) ProtoReflect

func (*CallCredentials_FileCredentialSource) Reset

func (*CallCredentials_FileCredentialSource) String

type SDSConfig

// SDSConfig configures retrieval of TLS material over an SDS (secret
// discovery service) channel: the channel target, how the channel is built
// (call credentials or a named cluster), and the names of the secrets to
// request.
type SDSConfig struct {

	// Target uri for the sds channel. Currently only a unix domain socket is supported.
	// NOTE(review): the channel delivers certificate material, so the socket's
	// filesystem permissions are worth checking in the deployment.
	TargetUri string `protobuf:"bytes,1,opt,name=target_uri,json=targetUri,proto3" json:"target_uri,omitempty"`
	// Types that are assignable to SdsBuilder:
	//
	//	*SDSConfig_CallCredentials
	//	*SDSConfig_ClusterName
	SdsBuilder isSDSConfig_SdsBuilder `protobuf_oneof:"sds_builder"`
	// The name of the secret containing the certificate
	CertificatesSecretName string `` /* 129-byte string literal not displayed */
	// The name of secret containing the validation context (i.e. root ca)
	ValidationContextName string `` /* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*SDSConfig) Clone

func (m *SDSConfig) Clone() proto.Message

Clone function

func (*SDSConfig) Descriptor deprecated

func (*SDSConfig) Descriptor() ([]byte, []int)

Deprecated: Use SDSConfig.ProtoReflect.Descriptor instead.

func (*SDSConfig) Equal

func (m *SDSConfig) Equal(that interface{}) bool

Equal function

func (*SDSConfig) GetCallCredentials

func (x *SDSConfig) GetCallCredentials() *CallCredentials

func (*SDSConfig) GetCertificatesSecretName

func (x *SDSConfig) GetCertificatesSecretName() string

func (*SDSConfig) GetClusterName

func (x *SDSConfig) GetClusterName() string

func (*SDSConfig) GetSdsBuilder

func (m *SDSConfig) GetSdsBuilder() isSDSConfig_SdsBuilder

func (*SDSConfig) GetTargetUri

func (x *SDSConfig) GetTargetUri() string

func (*SDSConfig) GetValidationContextName

func (x *SDSConfig) GetValidationContextName() string

func (*SDSConfig) Hash deprecated

func (m *SDSConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: the hashing implementation uses field values only. Omitting the field name from the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SDSConfig) HashUnique added in v1.18.0

func (m *SDSConfig) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique generates a hash of the object, intended to be unique to it, by hashing field name and value pairs. It replaces Hash, whose original implementation used field values only; omitting the field name from the hash calculation can lead to hash collisions. The result is a 64-bit value from the caller-supplied hash.Hash64, so treat it as a change-detection key rather than an integrity check.

func (*SDSConfig) ProtoMessage

func (*SDSConfig) ProtoMessage()

func (*SDSConfig) ProtoReflect

func (x *SDSConfig) ProtoReflect() protoreflect.Message

func (*SDSConfig) Reset

func (x *SDSConfig) Reset()

func (*SDSConfig) String

func (x *SDSConfig) String() string

type SDSConfig_CallCredentials

// SDSConfig_CallCredentials is one of the two types assignable to
// SDSConfig.SdsBuilder; it selects call credentials for the sds channel.
type SDSConfig_CallCredentials struct {
	// Call credentials.
	CallCredentials *CallCredentials `protobuf:"bytes,2,opt,name=call_credentials,json=callCredentials,proto3,oneof"`
}

type SDSConfig_ClusterName

// SDSConfig_ClusterName is one of the two types assignable to
// SDSConfig.SdsBuilder; it refers to the sds cluster by name.
type SDSConfig_ClusterName struct {
	// The name of the sds cluster in envoy
	ClusterName string `protobuf:"bytes,5,opt,name=cluster_name,json=clusterName,proto3,oneof"`
}

type SSLFiles

// SSLFiles references paths to certificates which the proxy reads from its
// local filesystem.
type SSLFiles struct {
	// TlsCert and TlsKey carry no comments in the generated source. Going by
	// the field names and the type description they are the paths of the TLS
	// certificate and of its private key (TODO confirm). The key file should
	// be readable only by the account the proxy runs as.
	TlsCert string `protobuf:"bytes,1,opt,name=tls_cert,json=tlsCert,proto3" json:"tls_cert,omitempty"`
	TlsKey  string `protobuf:"bytes,2,opt,name=tls_key,json=tlsKey,proto3" json:"tls_key,omitempty"`
	// for client cert validation. optional
	RootCa string `protobuf:"bytes,3,opt,name=root_ca,json=rootCa,proto3" json:"root_ca,omitempty"`
	// stapled ocsp response. optional
	// should be der-encoded
	// NOTE(review): which staple policy applies when this is unset or expired
	// is decided by SslConfig.OcspStaplePolicy.
	OcspStaple string `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"`
	// contains filtered or unexported fields
}

SSLFiles references paths to certificates which the proxy can read from its local filesystem.

func (*SSLFiles) Clone

func (m *SSLFiles) Clone() proto.Message

Clone function

func (*SSLFiles) Descriptor deprecated

func (*SSLFiles) Descriptor() ([]byte, []int)

Deprecated: Use SSLFiles.ProtoReflect.Descriptor instead.

func (*SSLFiles) Equal

func (m *SSLFiles) Equal(that interface{}) bool

Equal function

func (*SSLFiles) GetOcspStaple added in v1.14.2

func (x *SSLFiles) GetOcspStaple() string

func (*SSLFiles) GetRootCa

func (x *SSLFiles) GetRootCa() string

func (*SSLFiles) GetTlsCert

func (x *SSLFiles) GetTlsCert() string

func (*SSLFiles) GetTlsKey

func (x *SSLFiles) GetTlsKey() string

func (*SSLFiles) Hash deprecated

func (m *SSLFiles) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: the hashing implementation uses field values only. Omitting the field name from the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SSLFiles) HashUnique added in v1.18.0

func (m *SSLFiles) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique generates a hash of the object, intended to be unique to it, by hashing field name and value pairs. It replaces Hash, whose original implementation used field values only; omitting the field name from the hash calculation can lead to hash collisions. The result is a 64-bit value from the caller-supplied hash.Hash64, so treat it as a change-detection key rather than an integrity check.

func (*SSLFiles) ProtoMessage

func (*SSLFiles) ProtoMessage()

func (*SSLFiles) ProtoReflect

func (x *SSLFiles) ProtoReflect() protoreflect.Message

func (*SSLFiles) Reset

func (x *SSLFiles) Reset()

func (*SSLFiles) String

func (x *SSLFiles) String() string

type SslConfig

// SslConfig contains the options necessary to configure a virtual host or
// listener to use TLS termination.
//
// Parameters (uncommented in the generated source) points at SslParameters,
// which holds the minimum and maximum protocol version, the cipher suites and
// the ECDH curves.
type SslConfig struct {

	// Types that are assignable to SslSecrets:
	//
	//	*SslConfig_SecretRef
	//	*SslConfig_SslFiles
	//	*SslConfig_Sds
	SslSecrets isSslConfig_SslSecrets `protobuf_oneof:"ssl_secrets"`
	// optional. the SNI domains that should be considered for TLS connections
	SniDomains []string `protobuf:"bytes,3,rep,name=sni_domains,json=sniDomains,proto3" json:"sni_domains,omitempty"`
	// Verify that the Subject Alternative Name in the peer certificate is one of the specified values.
	// Note that a root_ca must be provided if this option is used.
	VerifySubjectAltName []string       `protobuf:"bytes,5,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"`
	Parameters           *SslParameters `protobuf:"bytes,6,opt,name=parameters,proto3" json:"parameters,omitempty"`
	// Set Application Level Protocol Negotiation
	// If empty, defaults to ["h2", "http/1.1"].
	// As an advanced option you may use ["allow_empty"] to avoid defaults and set alpn to have no alpn set (ie pass empty slice).
	AlpnProtocols []string `protobuf:"bytes,7,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
	// If the SSL config has the ca.crt (root CA) provided, Gloo uses it to perform mTLS by default.
	// Set oneWayTls to true to disable mTLS in favor of server-only TLS (one-way TLS), even if Gloo has the root CA.
	// If unset, defaults to false.
	// NOTE(review): with one-way TLS the client is not authenticated by
	// certificate, so anything that relied on mTLS for client identity needs
	// another control.
	OneWayTls *wrapperspb.BoolValue `protobuf:"bytes,8,opt,name=one_way_tls,json=oneWayTls,proto3" json:"one_way_tls,omitempty"`
	// If set to true, TLS session resumption is deactivated. Note that this deactivates only
	// ticket-based TLS session resumption (not the cache).
	DisableTlsSessionResumption *wrapperspb.BoolValue `` /* 146-byte string literal not displayed */
	// If present and nonzero, the amount of time to allow incoming connections to complete any
	// transport socket negotiations. If this expires before the transport reports connection
	// establishment, the connection is summarily closed.
	TransportSocketConnectTimeout *durationpb.Duration `` /* 153-byte string literal not displayed */
	// The OCSP staple policy to use for this listener.
	// Defaults to `LENIENT_STAPLING`, under which a certificate is still used
	// when its OCSP response is missing or expired; choose STRICT_STAPLING or
	// MUST_STAPLE where a stale staple must not be served.
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/tls.proto#enum-extensions-transport-sockets-tls-v3-downstreamtlscontext-ocspstaplepolicy
	OcspStaplePolicy SslConfig_OcspStaplePolicy `` /* 158-byte string literal not displayed */
	// contains filtered or unexported fields
}

SslConfig contains the options necessary to configure a virtual host or listener to use TLS termination

func (*SslConfig) Clone

func (m *SslConfig) Clone() proto.Message

Clone function

func (*SslConfig) Descriptor deprecated

func (*SslConfig) Descriptor() ([]byte, []int)

Deprecated: Use SslConfig.ProtoReflect.Descriptor instead.

func (*SslConfig) Equal

func (m *SslConfig) Equal(that interface{}) bool

Equal function

func (*SslConfig) GetAlpnProtocols

func (x *SslConfig) GetAlpnProtocols() []string

func (*SslConfig) GetDisableTlsSessionResumption

func (x *SslConfig) GetDisableTlsSessionResumption() *wrapperspb.BoolValue

func (*SslConfig) GetOcspStaplePolicy added in v1.14.2

func (x *SslConfig) GetOcspStaplePolicy() SslConfig_OcspStaplePolicy

func (*SslConfig) GetOneWayTls

func (x *SslConfig) GetOneWayTls() *wrapperspb.BoolValue

func (*SslConfig) GetParameters

func (x *SslConfig) GetParameters() *SslParameters

func (*SslConfig) GetSds

func (x *SslConfig) GetSds() *SDSConfig

func (*SslConfig) GetSecretRef

func (x *SslConfig) GetSecretRef() *core.ResourceRef

func (*SslConfig) GetSniDomains

func (x *SslConfig) GetSniDomains() []string

func (*SslConfig) GetSslFiles

func (x *SslConfig) GetSslFiles() *SSLFiles

func (*SslConfig) GetSslSecrets

func (m *SslConfig) GetSslSecrets() isSslConfig_SslSecrets

func (*SslConfig) GetTransportSocketConnectTimeout

func (x *SslConfig) GetTransportSocketConnectTimeout() *durationpb.Duration

func (*SslConfig) GetVerifySubjectAltName

func (x *SslConfig) GetVerifySubjectAltName() []string

func (*SslConfig) Hash deprecated

func (m *SslConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: the hashing implementation uses field values only. Omitting the field name from the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SslConfig) HashUnique added in v1.18.0

func (m *SslConfig) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique generates a hash of the object, intended to be unique to it, by hashing field name and value pairs. It replaces Hash, whose original implementation used field values only; omitting the field name from the hash calculation can lead to hash collisions. The result is a 64-bit value from the caller-supplied hash.Hash64, so treat it as a change-detection key rather than an integrity check.

func (*SslConfig) ProtoMessage

func (*SslConfig) ProtoMessage()

func (*SslConfig) ProtoReflect

func (x *SslConfig) ProtoReflect() protoreflect.Message

func (*SslConfig) Reset

func (x *SslConfig) Reset()

func (*SslConfig) String

func (x *SslConfig) String() string

type SslConfig_OcspStaplePolicy added in v1.14.2

// SslConfig_OcspStaplePolicy selects how a listener treats the OCSP response
// stapled to a certificate. The numeric values are spelled out explicitly
// because they are the protobuf enum numbers.
type SslConfig_OcspStaplePolicy int32

// SslConfig_LENIENT_STAPLING: OCSP responses are optional. If none is
// provided, or the provided response is expired, the associated certificate
// will be used without the OCSP response. This is the zero value, so a policy
// left unset behaves this way.
const SslConfig_LENIENT_STAPLING SslConfig_OcspStaplePolicy = 0

// SslConfig_STRICT_STAPLING: OCSP responses are optional. If none is provided,
// the associated certificate will be used without the OCSP response. If a
// response is present, but expired, the certificate will not be used for
// connections. If no suitable certificate is found, the connection is
// rejected.
const SslConfig_STRICT_STAPLING SslConfig_OcspStaplePolicy = 1

// SslConfig_MUST_STAPLE: OCSP responses are required. If no `ocsp_staple` is
// set on a certificate, configuration will fail. If a response is expired, the
// associated certificate will not be used. If no suitable certificate is
// found, the connection is rejected.
const SslConfig_MUST_STAPLE SslConfig_OcspStaplePolicy = 2

func (SslConfig_OcspStaplePolicy) Descriptor added in v1.14.2

func (SslConfig_OcspStaplePolicy) Enum added in v1.14.2

func (SslConfig_OcspStaplePolicy) EnumDescriptor deprecated added in v1.14.2

func (SslConfig_OcspStaplePolicy) EnumDescriptor() ([]byte, []int)

Deprecated: Use SslConfig_OcspStaplePolicy.Descriptor instead.

func (SslConfig_OcspStaplePolicy) Number added in v1.14.2

func (SslConfig_OcspStaplePolicy) String added in v1.14.2

func (SslConfig_OcspStaplePolicy) Type added in v1.14.2

type SslConfig_Sds

// SslConfig_Sds is one of the three types assignable to SslConfig.SslSecrets;
// it sources the TLS material from a secret discovery service.
type SslConfig_Sds struct {
	// Use secret discovery service.
	Sds *SDSConfig `protobuf:"bytes,4,opt,name=sds,proto3,oneof"`
}

type SslConfig_SecretRef

// SslConfig_SecretRef is one of the three types assignable to
// SslConfig.SslSecrets; it sources the TLS material from a referenced secret.
type SslConfig_SecretRef struct {
	// SecretRef contains the secret ref to a gloo tls secret or a kubernetes tls secret.
	// A gloo tls secret can contain a root ca as well if verification is needed.
	SecretRef *core.ResourceRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3,oneof"`
}

type SslConfig_SslFiles

// SslConfig_SslFiles is one of the three types assignable to
// SslConfig.SslSecrets; it sources the TLS material from files on the proxy.
type SslConfig_SslFiles struct {
	// SSLFiles reference paths to certificates which are local to the proxy
	SslFiles *SSLFiles `protobuf:"bytes,2,opt,name=ssl_files,json=sslFiles,proto3,oneof"`
}

type SslParameters

// SslParameters holds general TLS parameters: the minimum and maximum protocol
// version, the cipher suites and the ECDH curves. The fields carry no comments
// in the generated source; the package documentation refers to Envoy's
// TlsParameters for their meaning.
//
// Review notes:
//   - MinimumProtocolVersion and MaximumProtocolVersion take
//     SslParameters_ProtocolVersion values. TLSv1_0 and TLSv1_1 are accepted,
//     but both protocol versions were deprecated by RFC 8996; prefer TLSv1_2
//     or TLSv1_3 as the minimum unless a legacy peer requires otherwise.
//   - The zero value TLS_AUTO leaves the choice to Envoy, so the effective
//     floor depends on the Envoy build in use (confirm for the deployed
//     version).
//   - CipherSuites and EcdhCurves are plain strings; the accepted names and the
//     defaults used when they are empty are presumably those of Envoy's
//     TlsParameters (verify against the linked Envoy documentation).
type SslParameters struct {
	MinimumProtocolVersion SslParameters_ProtocolVersion `` /* 178-byte string literal not displayed */
	MaximumProtocolVersion SslParameters_ProtocolVersion `` /* 178-byte string literal not displayed */
	CipherSuites           []string                      `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"`
	EcdhCurves             []string                      `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"`
	// contains filtered or unexported fields
}

General TLS parameters. See the [envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters) for more information on the meaning of these values.

func (*SslParameters) Clone

func (m *SslParameters) Clone() proto.Message

Clone function

func (*SslParameters) Descriptor deprecated

func (*SslParameters) Descriptor() ([]byte, []int)

Deprecated: Use SslParameters.ProtoReflect.Descriptor instead.

func (*SslParameters) Equal

func (m *SslParameters) Equal(that interface{}) bool

Equal function

func (*SslParameters) GetCipherSuites

func (x *SslParameters) GetCipherSuites() []string

func (*SslParameters) GetEcdhCurves

func (x *SslParameters) GetEcdhCurves() []string

func (*SslParameters) GetMaximumProtocolVersion

func (x *SslParameters) GetMaximumProtocolVersion() SslParameters_ProtocolVersion

func (*SslParameters) GetMinimumProtocolVersion

func (x *SslParameters) GetMinimumProtocolVersion() SslParameters_ProtocolVersion

func (*SslParameters) Hash deprecated

func (m *SslParameters) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: the hashing implementation uses field values only. Omitting the field name from the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SslParameters) HashUnique added in v1.18.0

func (m *SslParameters) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique generates a hash of the object, intended to be unique to it, by hashing field name and value pairs. It replaces Hash, whose original implementation used field values only; omitting the field name from the hash calculation can lead to hash collisions. The result is a 64-bit value from the caller-supplied hash.Hash64, so treat it as a change-detection key rather than an integrity check.

func (*SslParameters) ProtoMessage

func (*SslParameters) ProtoMessage()

func (*SslParameters) ProtoReflect

func (x *SslParameters) ProtoReflect() protoreflect.Message

func (*SslParameters) Reset

func (x *SslParameters) Reset()

func (*SslParameters) String

func (x *SslParameters) String() string

type SslParameters_ProtocolVersion

// SslParameters_ProtocolVersion names a TLS protocol version for the minimum
// and maximum version fields of SslParameters. The numeric values are spelled
// out explicitly because they are the protobuf enum numbers.
type SslParameters_ProtocolVersion int32

// SslParameters_TLS_AUTO: Envoy will choose the optimal TLS version. This is
// the zero value, so an unset field means TLS_AUTO.
const SslParameters_TLS_AUTO SslParameters_ProtocolVersion = 0

// SslParameters_TLSv1_0: TLS 1.0. Deprecated by RFC 8996; select it only when
// a legacy peer leaves no alternative.
const SslParameters_TLSv1_0 SslParameters_ProtocolVersion = 1

// SslParameters_TLSv1_1: TLS 1.1. Deprecated by RFC 8996; select it only when
// a legacy peer leaves no alternative.
const SslParameters_TLSv1_1 SslParameters_ProtocolVersion = 2

// SslParameters_TLSv1_2: TLS 1.2.
const SslParameters_TLSv1_2 SslParameters_ProtocolVersion = 3

// SslParameters_TLSv1_3: TLS 1.3.
const SslParameters_TLSv1_3 SslParameters_ProtocolVersion = 4

func (SslParameters_ProtocolVersion) Descriptor

func (SslParameters_ProtocolVersion) Enum

func (SslParameters_ProtocolVersion) EnumDescriptor deprecated

func (SslParameters_ProtocolVersion) EnumDescriptor() ([]byte, []int)

Deprecated: Use SslParameters_ProtocolVersion.Descriptor instead.

func (SslParameters_ProtocolVersion) Number

func (SslParameters_ProtocolVersion) String

func (SslParameters_ProtocolVersion) Type

type UpstreamSslConfig

// UpstreamSslConfig contains the options necessary to configure an upstream to
// use TLS origination.
//
// Parameters (uncommented in the generated source) points at SslParameters,
// which holds the minimum and maximum protocol version, the cipher suites and
// the ECDH curves.
//
// NOTE(review): VerifySubjectAltName requires a root_ca; whether the upstream
// certificate is validated at all when no root CA is supplied is not stated in
// this listing and should be confirmed before relying on upstream TLS for
// server authentication.
type UpstreamSslConfig struct {

	// Types that are assignable to SslSecrets:
	//
	//	*UpstreamSslConfig_SecretRef
	//	*UpstreamSslConfig_SslFiles
	//	*UpstreamSslConfig_Sds
	SslSecrets isUpstreamSslConfig_SslSecrets `protobuf_oneof:"ssl_secrets"`
	// optional. the SNI domains that should be considered for TLS connections
	// NOTE(review): the field is a single string, unlike SslConfig.SniDomains;
	// presumably it is the server name sent when originating TLS (confirm).
	Sni string `protobuf:"bytes,3,opt,name=sni,proto3" json:"sni,omitempty"`
	// Verify that the Subject Alternative Name in the peer certificate is one of the specified values.
	// Note that a root_ca must be provided if this option is used.
	VerifySubjectAltName []string       `protobuf:"bytes,5,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"`
	Parameters           *SslParameters `protobuf:"bytes,7,opt,name=parameters,proto3" json:"parameters,omitempty"`
	// Set Application Level Protocol Negotiation.
	// If empty, it is not set.
	AlpnProtocols []string `protobuf:"bytes,8,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
	// Allow TLS renegotiation; the default value is false.
	// TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
	AllowRenegotiation *wrapperspb.BoolValue `protobuf:"bytes,10,opt,name=allow_renegotiation,json=allowRenegotiation,proto3" json:"allow_renegotiation,omitempty"`
	// If the SSL config has the ca.crt (root CA) provided, Gloo uses it to perform mTLS by default.
	// Set oneWayTls to true to disable mTLS in favor of server-only TLS (one-way TLS), even if Gloo has the root CA.
	// This flag does nothing if SDS is configured.
	// If unset, defaults to false.
	OneWayTls *wrapperspb.BoolValue `protobuf:"bytes,11,opt,name=one_way_tls,json=oneWayTls,proto3" json:"one_way_tls,omitempty"`
	// contains filtered or unexported fields
}

UpstreamSslConfig contains the options necessary to configure an upstream to use TLS origination.

func (*UpstreamSslConfig) Clone

func (m *UpstreamSslConfig) Clone() proto.Message

Clone function

func (*UpstreamSslConfig) Descriptor deprecated

func (*UpstreamSslConfig) Descriptor() ([]byte, []int)

Deprecated: Use UpstreamSslConfig.ProtoReflect.Descriptor instead.

func (*UpstreamSslConfig) Equal

func (m *UpstreamSslConfig) Equal(that interface{}) bool

Equal function

func (*UpstreamSslConfig) GetAllowRenegotiation

func (x *UpstreamSslConfig) GetAllowRenegotiation() *wrapperspb.BoolValue

func (*UpstreamSslConfig) GetAlpnProtocols

func (x *UpstreamSslConfig) GetAlpnProtocols() []string

func (*UpstreamSslConfig) GetOneWayTls added in v1.18.0

func (x *UpstreamSslConfig) GetOneWayTls() *wrapperspb.BoolValue

func (*UpstreamSslConfig) GetParameters

func (x *UpstreamSslConfig) GetParameters() *SslParameters

func (*UpstreamSslConfig) GetSds

func (x *UpstreamSslConfig) GetSds() *SDSConfig

func (*UpstreamSslConfig) GetSecretRef

func (x *UpstreamSslConfig) GetSecretRef() *core.ResourceRef

func (*UpstreamSslConfig) GetSni

func (x *UpstreamSslConfig) GetSni() string

func (*UpstreamSslConfig) GetSslFiles

func (x *UpstreamSslConfig) GetSslFiles() *SSLFiles

func (*UpstreamSslConfig) GetSslSecrets

func (m *UpstreamSslConfig) GetSslSecrets() isUpstreamSslConfig_SslSecrets

func (*UpstreamSslConfig) GetVerifySubjectAltName

func (x *UpstreamSslConfig) GetVerifySubjectAltName() []string

func (*UpstreamSslConfig) Hash deprecated

func (m *UpstreamSslConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: the hashing implementation uses field values only. Omitting the field name from the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*UpstreamSslConfig) HashUnique added in v1.18.0

func (m *UpstreamSslConfig) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique generates a hash of the object, intended to be unique to it, by hashing field name and value pairs. It replaces Hash, whose original implementation used field values only; omitting the field name from the hash calculation can lead to hash collisions. The result is a 64-bit value from the caller-supplied hash.Hash64, so treat it as a change-detection key rather than an integrity check.

func (*UpstreamSslConfig) ProtoMessage

func (*UpstreamSslConfig) ProtoMessage()

func (*UpstreamSslConfig) ProtoReflect

func (x *UpstreamSslConfig) ProtoReflect() protoreflect.Message

func (*UpstreamSslConfig) Reset

func (x *UpstreamSslConfig) Reset()

func (*UpstreamSslConfig) String

func (x *UpstreamSslConfig) String() string

type UpstreamSslConfig_Sds

// UpstreamSslConfig_Sds is one of the three types assignable to
// UpstreamSslConfig.SslSecrets; it sources the TLS material from a secret
// discovery service.
type UpstreamSslConfig_Sds struct {
	// Use secret discovery service.
	Sds *SDSConfig `protobuf:"bytes,4,opt,name=sds,proto3,oneof"`
}

type UpstreamSslConfig_SecretRef

// UpstreamSslConfig_SecretRef is one of the three types assignable to
// UpstreamSslConfig.SslSecrets; it sources the TLS material from a referenced
// secret.
type UpstreamSslConfig_SecretRef struct {
	// SecretRef contains the secret ref to a gloo tls secret or a kubernetes tls secret.
	// A gloo tls secret can contain a root ca as well if verification is needed.
	SecretRef *core.ResourceRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3,oneof"`
}

type UpstreamSslConfig_SslFiles

// UpstreamSslConfig_SslFiles is one of the three types assignable to
// UpstreamSslConfig.SslSecrets; it sources the TLS material from files on the
// proxy.
type UpstreamSslConfig_SslFiles struct {
	// SSLFiles reference paths to certificates which are local to the proxy
	SslFiles *SSLFiles `protobuf:"bytes,2,opt,name=ssl_files,json=sslFiles,proto3,oneof"`
}
