ssl

package
v1.18.0-rc5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 10, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	SslConfig_OcspStaplePolicy_name = map[int32]string{
		0: "LENIENT_STAPLING",
		1: "STRICT_STAPLING",
		2: "MUST_STAPLE",
	}
	SslConfig_OcspStaplePolicy_value = map[string]int32{
		"LENIENT_STAPLING": 0,
		"STRICT_STAPLING":  1,
		"MUST_STAPLE":      2,
	}
)

Enum value maps for SslConfig_OcspStaplePolicy.

View Source 
var (
	SslParameters_ProtocolVersion_name = map[int32]string{
		0: "TLS_AUTO",
		1: "TLSv1_0",
		2: "TLSv1_1",
		3: "TLSv1_2",
		4: "TLSv1_3",
	}
	SslParameters_ProtocolVersion_value = map[string]int32{
		"TLS_AUTO": 0,
		"TLSv1_0":  1,
		"TLSv1_1":  2,
		"TLSv1_2":  3,
		"TLSv1_3":  4,
	}
)

Enum value maps for SslParameters_ProtocolVersion.

View Source 
var File_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_ssl_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type CallCredentials 

type CallCredentials struct {

	// Call credentials are coming from a file,
	FileCredentialSource *CallCredentials_FileCredentialSource `protobuf:"bytes,1,opt,name=file_credential_source,json=fileCredentialSource,proto3" json:"file_credential_source,omitempty"`
	// contains filtered or unexported fields
}

func (*CallCredentials) Clone 

func (m *CallCredentials) Clone() proto.Message

Clone function

func (*CallCredentials) Descriptor deprecated 

func (*CallCredentials) Descriptor() ([]byte, []int)

Deprecated: Use CallCredentials.ProtoReflect.Descriptor instead.

func (*CallCredentials) Equal 

func (m *CallCredentials) Equal(that interface{}) bool

Equal function

func (*CallCredentials) GetFileCredentialSource 

func (x *CallCredentials) GetFileCredentialSource() *CallCredentials_FileCredentialSource

func (*CallCredentials) Hash deprecated 

func (m *CallCredentials) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*CallCredentials) HashUnique added in v1.18.0 

func (m *CallCredentials) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*CallCredentials) ProtoMessage 

func (*CallCredentials) ProtoMessage()

func (*CallCredentials) ProtoReflect 

func (x *CallCredentials) ProtoReflect() protoreflect.Message

func (*CallCredentials) Reset 

func (x *CallCredentials) Reset()

func (*CallCredentials) String 

func (x *CallCredentials) String() string

type CallCredentials_FileCredentialSource 

type CallCredentials_FileCredentialSource struct {

	// File containing auth token.
	TokenFileName string `protobuf:"bytes,1,opt,name=token_file_name,json=tokenFileName,proto3" json:"token_file_name,omitempty"`
	// Header to carry the token.
	Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"`
	// contains filtered or unexported fields
}

func (*CallCredentials_FileCredentialSource) Clone 

func (m *CallCredentials_FileCredentialSource) Clone() proto.Message

Clone function

func (*CallCredentials_FileCredentialSource) Descriptor deprecated 

func (*CallCredentials_FileCredentialSource) Descriptor() ([]byte, []int)

Deprecated: Use CallCredentials_FileCredentialSource.ProtoReflect.Descriptor instead.

func (*CallCredentials_FileCredentialSource) Equal 

func (m *CallCredentials_FileCredentialSource) Equal(that interface{}) bool

Equal function

func (*CallCredentials_FileCredentialSource) GetHeader 

func (x *CallCredentials_FileCredentialSource) GetHeader() string

func (*CallCredentials_FileCredentialSource) GetTokenFileName 

func (x *CallCredentials_FileCredentialSource) GetTokenFileName() string

func (*CallCredentials_FileCredentialSource) Hash deprecated 

func (m *CallCredentials_FileCredentialSource) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*CallCredentials_FileCredentialSource) HashUnique added in v1.18.0 

func (m *CallCredentials_FileCredentialSource) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*CallCredentials_FileCredentialSource) ProtoMessage 

func (*CallCredentials_FileCredentialSource) ProtoMessage()

func (*CallCredentials_FileCredentialSource) ProtoReflect 

func (x *CallCredentials_FileCredentialSource) ProtoReflect() protoreflect.Message

func (*CallCredentials_FileCredentialSource) Reset 

func (x *CallCredentials_FileCredentialSource) Reset()

func (*CallCredentials_FileCredentialSource) String 

func (x *CallCredentials_FileCredentialSource) String() string

type SDSConfig 

type SDSConfig struct {

	// Target uri for the sds channel. currently only a unix domain socket is supported.
	TargetUri string `protobuf:"bytes,1,opt,name=target_uri,json=targetUri,proto3" json:"target_uri,omitempty"`
	// Types that are assignable to SdsBuilder:
	//
	//	*SDSConfig_CallCredentials
	//	*SDSConfig_ClusterName
	SdsBuilder isSDSConfig_SdsBuilder `protobuf_oneof:"sds_builder"`
	// The name of the secret containing the certificate
	CertificatesSecretName string `` /* 129-byte string literal not displayed */
	// The name of secret containing the validation context (i.e. root ca)
	ValidationContextName string `` /* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*SDSConfig) Clone 

func (m *SDSConfig) Clone() proto.Message

Clone function

func (*SDSConfig) Descriptor deprecated 

func (*SDSConfig) Descriptor() ([]byte, []int)

Deprecated: Use SDSConfig.ProtoReflect.Descriptor instead.

func (*SDSConfig) Equal 

func (m *SDSConfig) Equal(that interface{}) bool

Equal function

func (*SDSConfig) GetCallCredentials 

func (x *SDSConfig) GetCallCredentials() *CallCredentials

func (*SDSConfig) GetCertificatesSecretName 

func (x *SDSConfig) GetCertificatesSecretName() string

func (*SDSConfig) GetClusterName 

func (x *SDSConfig) GetClusterName() string

func (*SDSConfig) GetSdsBuilder 

func (m *SDSConfig) GetSdsBuilder() isSDSConfig_SdsBuilder

func (*SDSConfig) GetTargetUri 

func (x *SDSConfig) GetTargetUri() string

func (*SDSConfig) GetValidationContextName 

func (x *SDSConfig) GetValidationContextName() string

func (*SDSConfig) Hash deprecated 

func (m *SDSConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SDSConfig) HashUnique added in v1.18.0 

func (m *SDSConfig) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*SDSConfig) ProtoMessage 

func (*SDSConfig) ProtoMessage()

func (*SDSConfig) ProtoReflect 

func (x *SDSConfig) ProtoReflect() protoreflect.Message

func (*SDSConfig) Reset 

func (x *SDSConfig) Reset()

func (*SDSConfig) String 

func (x *SDSConfig) String() string

type SDSConfig_CallCredentials 

type SDSConfig_CallCredentials struct {
	// Call credentials.
	CallCredentials *CallCredentials `protobuf:"bytes,2,opt,name=call_credentials,json=callCredentials,proto3,oneof"`
}

type SDSConfig_ClusterName 

type SDSConfig_ClusterName struct {
	// The name of the sds cluster in envoy
	ClusterName string `protobuf:"bytes,5,opt,name=cluster_name,json=clusterName,proto3,oneof"`
}

type SSLFiles 

type SSLFiles struct {
	TlsCert string `protobuf:"bytes,1,opt,name=tls_cert,json=tlsCert,proto3" json:"tls_cert,omitempty"`
	TlsKey  string `protobuf:"bytes,2,opt,name=tls_key,json=tlsKey,proto3" json:"tls_key,omitempty"`
	// for client cert validation. optional
	RootCa string `protobuf:"bytes,3,opt,name=root_ca,json=rootCa,proto3" json:"root_ca,omitempty"`
	// stapled ocsp response. optional
	// should be der-encoded
	OcspStaple string `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"`
	// contains filtered or unexported fields
}

SSLFiles reference paths to certificates which can be read by the proxy off of its local filesystem

func (*SSLFiles) Clone 

func (m *SSLFiles) Clone() proto.Message

Clone function

func (*SSLFiles) Descriptor deprecated 

func (*SSLFiles) Descriptor() ([]byte, []int)

Deprecated: Use SSLFiles.ProtoReflect.Descriptor instead.

func (*SSLFiles) Equal 

func (m *SSLFiles) Equal(that interface{}) bool

Equal function

func (*SSLFiles) GetOcspStaple added in v1.14.2 

func (x *SSLFiles) GetOcspStaple() string

func (*SSLFiles) GetRootCa 

func (x *SSLFiles) GetRootCa() string

func (*SSLFiles) GetTlsCert 

func (x *SSLFiles) GetTlsCert() string

func (*SSLFiles) GetTlsKey 

func (x *SSLFiles) GetTlsKey() string

func (*SSLFiles) Hash deprecated 

func (m *SSLFiles) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SSLFiles) HashUnique added in v1.18.0 

func (m *SSLFiles) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*SSLFiles) ProtoMessage 

func (*SSLFiles) ProtoMessage()

func (*SSLFiles) ProtoReflect 

func (x *SSLFiles) ProtoReflect() protoreflect.Message

func (*SSLFiles) Reset 

func (x *SSLFiles) Reset()

func (*SSLFiles) String 

func (x *SSLFiles) String() string

type SslConfig 

type SslConfig struct {

	// Types that are assignable to SslSecrets:
	//
	//	*SslConfig_SecretRef
	//	*SslConfig_SslFiles
	//	*SslConfig_Sds
	SslSecrets isSslConfig_SslSecrets `protobuf_oneof:"ssl_secrets"`
	// optional. the SNI domains that should be considered for TLS connections
	SniDomains []string `protobuf:"bytes,3,rep,name=sni_domains,json=sniDomains,proto3" json:"sni_domains,omitempty"`
	// Verify that the Subject Alternative Name in the peer certificate is one of the specified values.
	// note that a root_ca must be provided if this option is used.
	VerifySubjectAltName []string       `protobuf:"bytes,5,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"`
	Parameters           *SslParameters `protobuf:"bytes,6,opt,name=parameters,proto3" json:"parameters,omitempty"`
	// Set Application Level Protocol Negotiation
	// If empty, defaults to ["h2", "http/1.1"].
	// As an advanced option you may use ["allow_empty"] to avoid defaults and set alpn to have no alpn set (ie pass empty slice).
	AlpnProtocols []string `protobuf:"bytes,7,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
	// If the SSL config has the ca.crt (root CA) provided, Gloo uses it to perform mTLS by default.
	// Set oneWayTls to true to disable mTLS in favor of server-only TLS (one-way TLS), even if Gloo has the root CA.
	// If unset, defaults to false.
	OneWayTls *wrapperspb.BoolValue `protobuf:"bytes,8,opt,name=one_way_tls,json=oneWayTls,proto3" json:"one_way_tls,omitempty"`
	// If set to true, the TLS session resumption will be deactivated, note that it deactivates only the tickets based tls session resumption (not the cache).
	DisableTlsSessionResumption *wrapperspb.BoolValue `` /* 146-byte string literal not displayed */
	// If present and nonzero, the amount of time to allow incoming connections to complete any
	// transport socket negotiations. If this expires before the transport reports connection
	// establishment, the connection is summarily closed.
	TransportSocketConnectTimeout *durationpb.Duration `` /* 153-byte string literal not displayed */
	// The OCSP staple policy to use for this listener.
	// Defaults to `LENIENT_STAPLING`.
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/tls.proto#enum-extensions-transport-sockets-tls-v3-downstreamtlscontext-ocspstaplepolicy
	OcspStaplePolicy SslConfig_OcspStaplePolicy `` /* 158-byte string literal not displayed */
	// contains filtered or unexported fields
}

SslConfig contains the options necessary to configure a virtual host or listener to use TLS termination

func (*SslConfig) Clone 

func (m *SslConfig) Clone() proto.Message

Clone function

func (*SslConfig) Descriptor deprecated 

func (*SslConfig) Descriptor() ([]byte, []int)

Deprecated: Use SslConfig.ProtoReflect.Descriptor instead.

func (*SslConfig) Equal 

func (m *SslConfig) Equal(that interface{}) bool

Equal function

func (*SslConfig) GetAlpnProtocols 

func (x *SslConfig) GetAlpnProtocols() []string

func (*SslConfig) GetDisableTlsSessionResumption 

func (x *SslConfig) GetDisableTlsSessionResumption() *wrapperspb.BoolValue

func (*SslConfig) GetOcspStaplePolicy added in v1.14.2 

func (x *SslConfig) GetOcspStaplePolicy() SslConfig_OcspStaplePolicy

func (*SslConfig) GetOneWayTls 

func (x *SslConfig) GetOneWayTls() *wrapperspb.BoolValue

func (*SslConfig) GetParameters 

func (x *SslConfig) GetParameters() *SslParameters

func (*SslConfig) GetSds 

func (x *SslConfig) GetSds() *SDSConfig

func (*SslConfig) GetSecretRef 

func (x *SslConfig) GetSecretRef() *core.ResourceRef

func (*SslConfig) GetSniDomains 

func (x *SslConfig) GetSniDomains() []string

func (*SslConfig) GetSslFiles 

func (x *SslConfig) GetSslFiles() *SSLFiles

func (*SslConfig) GetSslSecrets 

func (m *SslConfig) GetSslSecrets() isSslConfig_SslSecrets

func (*SslConfig) GetTransportSocketConnectTimeout 

func (x *SslConfig) GetTransportSocketConnectTimeout() *durationpb.Duration

func (*SslConfig) GetVerifySubjectAltName 

func (x *SslConfig) GetVerifySubjectAltName() []string

func (*SslConfig) Hash deprecated 

func (m *SslConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SslConfig) HashUnique added in v1.18.0 

func (m *SslConfig) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*SslConfig) ProtoMessage 

func (*SslConfig) ProtoMessage()

func (*SslConfig) ProtoReflect 

func (x *SslConfig) ProtoReflect() protoreflect.Message

func (*SslConfig) Reset 

func (x *SslConfig) Reset()

func (*SslConfig) String 

func (x *SslConfig) String() string

type SslConfig_OcspStaplePolicy added in v1.14.2 

type SslConfig_OcspStaplePolicy int32
const (
	// OCSP responses are optional. If none is provided, or the provided response is expired, the associated certificate will be used without the OCSP response.
	SslConfig_LENIENT_STAPLING SslConfig_OcspStaplePolicy = 0
	// OCSP responses are optional. If none is provided, the associated certificate will be used without the OCSP response.
	// If a response is present, but expired, the certificate will not be used for connections.
	// If no suitable certificate is found, the connection is rejected.
	SslConfig_STRICT_STAPLING SslConfig_OcspStaplePolicy = 1
	// OCSP responses are required. If no `ocsp_staple` is set on a certificate, configuration will fail.
	// If a response is expired, the associated certificate will not be used.
	// If no suitable certificate is found, the connection is rejected.
	SslConfig_MUST_STAPLE SslConfig_OcspStaplePolicy = 2
)

func (SslConfig_OcspStaplePolicy) Descriptor added in v1.14.2 

func (SslConfig_OcspStaplePolicy) Descriptor() protoreflect.EnumDescriptor

func (SslConfig_OcspStaplePolicy) Enum added in v1.14.2 

func (x SslConfig_OcspStaplePolicy) Enum() *SslConfig_OcspStaplePolicy

func (SslConfig_OcspStaplePolicy) EnumDescriptor deprecated added in v1.14.2 

func (SslConfig_OcspStaplePolicy) EnumDescriptor() ([]byte, []int)

Deprecated: Use SslConfig_OcspStaplePolicy.Descriptor instead.

func (SslConfig_OcspStaplePolicy) Number added in v1.14.2 

func (x SslConfig_OcspStaplePolicy) Number() protoreflect.EnumNumber

func (SslConfig_OcspStaplePolicy) String added in v1.14.2 

func (x SslConfig_OcspStaplePolicy) String() string

func (SslConfig_OcspStaplePolicy) Type added in v1.14.2 

func (SslConfig_OcspStaplePolicy) Type() protoreflect.EnumType

type SslConfig_Sds 

type SslConfig_Sds struct {
	// Use secret discovery service.
	Sds *SDSConfig `protobuf:"bytes,4,opt,name=sds,proto3,oneof"`
}

type SslConfig_SecretRef 

type SslConfig_SecretRef struct {
	// SecretRef contains the secret ref to a gloo tls secret or a kubernetes tls secret.
	// gloo tls secret can contain a root ca as well if verification is needed.
	SecretRef *core.ResourceRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3,oneof"`
}

type SslConfig_SslFiles 

type SslConfig_SslFiles struct {
	// SSLFiles reference paths to certificates which are local to the proxy
	SslFiles *SSLFiles `protobuf:"bytes,2,opt,name=ssl_files,json=sslFiles,proto3,oneof"`
}

type SslParameters 

type SslParameters struct {
	MinimumProtocolVersion SslParameters_ProtocolVersion `` /* 178-byte string literal not displayed */
	MaximumProtocolVersion SslParameters_ProtocolVersion `` /* 178-byte string literal not displayed */
	CipherSuites           []string                      `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"`
	EcdhCurves             []string                      `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"`
	// contains filtered or unexported fields
}

General TLS parameters. See the [envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters) for more information on the meaning of these values.

func (*SslParameters) Clone 

func (m *SslParameters) Clone() proto.Message

Clone function

func (*SslParameters) Descriptor deprecated 

func (*SslParameters) Descriptor() ([]byte, []int)

Deprecated: Use SslParameters.ProtoReflect.Descriptor instead.

func (*SslParameters) Equal 

func (m *SslParameters) Equal(that interface{}) bool

Equal function

func (*SslParameters) GetCipherSuites 

func (x *SslParameters) GetCipherSuites() []string

func (*SslParameters) GetEcdhCurves 

func (x *SslParameters) GetEcdhCurves() []string

func (*SslParameters) GetMaximumProtocolVersion 

func (x *SslParameters) GetMaximumProtocolVersion() SslParameters_ProtocolVersion

func (*SslParameters) GetMinimumProtocolVersion 

func (x *SslParameters) GetMinimumProtocolVersion() SslParameters_ProtocolVersion

func (*SslParameters) Hash deprecated 

func (m *SslParameters) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*SslParameters) HashUnique added in v1.18.0 

func (m *SslParameters) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*SslParameters) ProtoMessage 

func (*SslParameters) ProtoMessage()

func (*SslParameters) ProtoReflect 

func (x *SslParameters) ProtoReflect() protoreflect.Message

func (*SslParameters) Reset 

func (x *SslParameters) Reset()

func (*SslParameters) String 

func (x *SslParameters) String() string

type SslParameters_ProtocolVersion 

type SslParameters_ProtocolVersion int32
const (
	// Envoy will choose the optimal TLS version.
	SslParameters_TLS_AUTO SslParameters_ProtocolVersion = 0
	// TLS 1.0
	SslParameters_TLSv1_0 SslParameters_ProtocolVersion = 1
	// TLS 1.1
	SslParameters_TLSv1_1 SslParameters_ProtocolVersion = 2
	// TLS 1.2
	SslParameters_TLSv1_2 SslParameters_ProtocolVersion = 3
	// TLS 1.3
	SslParameters_TLSv1_3 SslParameters_ProtocolVersion = 4
)

func (SslParameters_ProtocolVersion) Descriptor 

func (SslParameters_ProtocolVersion) Descriptor() protoreflect.EnumDescriptor

func (SslParameters_ProtocolVersion) Enum 

func (x SslParameters_ProtocolVersion) Enum() *SslParameters_ProtocolVersion

func (SslParameters_ProtocolVersion) EnumDescriptor deprecated 

func (SslParameters_ProtocolVersion) EnumDescriptor() ([]byte, []int)

Deprecated: Use SslParameters_ProtocolVersion.Descriptor instead.

func (SslParameters_ProtocolVersion) Number 

func (x SslParameters_ProtocolVersion) Number() protoreflect.EnumNumber

func (SslParameters_ProtocolVersion) String 

func (x SslParameters_ProtocolVersion) String() string

func (SslParameters_ProtocolVersion) Type 

func (SslParameters_ProtocolVersion) Type() protoreflect.EnumType

type UpstreamSslConfig 

type UpstreamSslConfig struct {

	// Types that are assignable to SslSecrets:
	//
	//	*UpstreamSslConfig_SecretRef
	//	*UpstreamSslConfig_SslFiles
	//	*UpstreamSslConfig_Sds
	SslSecrets isUpstreamSslConfig_SslSecrets `protobuf_oneof:"ssl_secrets"`
	// optional. the SNI domains that should be considered for TLS connections
	Sni string `protobuf:"bytes,3,opt,name=sni,proto3" json:"sni,omitempty"`
	// Verify that the Subject Alternative Name in the peer certificate is one of the specified values.
	// note that a root_ca must be provided if this option is used.
	VerifySubjectAltName []string       `protobuf:"bytes,5,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"`
	Parameters           *SslParameters `protobuf:"bytes,7,opt,name=parameters,proto3" json:"parameters,omitempty"`
	// Set Application Level Protocol Negotiation.
	// If empty, it is not set.
	AlpnProtocols []string `protobuf:"bytes,8,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
	// Allow Tls renegotiation, the default value is false.
	// TLS renegotiation is considered insecure and shouldn’t be used unless absolutely necessary.
	AllowRenegotiation *wrapperspb.BoolValue `protobuf:"bytes,10,opt,name=allow_renegotiation,json=allowRenegotiation,proto3" json:"allow_renegotiation,omitempty"`
	// If the SSL config has the ca.crt (root CA) provided, Gloo uses it to perform mTLS by default.
	// Set oneWayTls to true to disable mTLS in favor of server-only TLS (one-way TLS), even if Gloo has the root CA.
	// This flag does nothing if SDS is configured.
	// If unset, defaults to false.
	OneWayTls *wrapperspb.BoolValue `protobuf:"bytes,11,opt,name=one_way_tls,json=oneWayTls,proto3" json:"one_way_tls,omitempty"`
	// contains filtered or unexported fields
}

SslConfig contains the options necessary to configure an upstream to use TLS origination

func (*UpstreamSslConfig) Clone 

func (m *UpstreamSslConfig) Clone() proto.Message

Clone function

func (*UpstreamSslConfig) Descriptor deprecated 

func (*UpstreamSslConfig) Descriptor() ([]byte, []int)

Deprecated: Use UpstreamSslConfig.ProtoReflect.Descriptor instead.

func (*UpstreamSslConfig) Equal 

func (m *UpstreamSslConfig) Equal(that interface{}) bool

Equal function

func (*UpstreamSslConfig) GetAllowRenegotiation 

func (x *UpstreamSslConfig) GetAllowRenegotiation() *wrapperspb.BoolValue

func (*UpstreamSslConfig) GetAlpnProtocols 

func (x *UpstreamSslConfig) GetAlpnProtocols() []string

func (*UpstreamSslConfig) GetOneWayTls added in v1.18.0 

func (x *UpstreamSslConfig) GetOneWayTls() *wrapperspb.BoolValue

func (*UpstreamSslConfig) GetParameters 

func (x *UpstreamSslConfig) GetParameters() *SslParameters

func (*UpstreamSslConfig) GetSds 

func (x *UpstreamSslConfig) GetSds() *SDSConfig

func (*UpstreamSslConfig) GetSecretRef 

func (x *UpstreamSslConfig) GetSecretRef() *core.ResourceRef

func (*UpstreamSslConfig) GetSni 

func (x *UpstreamSslConfig) GetSni() string

func (*UpstreamSslConfig) GetSslFiles 

func (x *UpstreamSslConfig) GetSslFiles() *SSLFiles

func (*UpstreamSslConfig) GetSslSecrets 

func (m *UpstreamSslConfig) GetSslSecrets() isUpstreamSslConfig_SslSecrets

func (*UpstreamSslConfig) GetVerifySubjectAltName 

func (x *UpstreamSslConfig) GetVerifySubjectAltName() []string

func (*UpstreamSslConfig) Hash deprecated 

func (m *UpstreamSslConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*UpstreamSslConfig) HashUnique added in v1.18.0 

func (m *UpstreamSslConfig) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*UpstreamSslConfig) ProtoMessage 

func (*UpstreamSslConfig) ProtoMessage()

func (*UpstreamSslConfig) ProtoReflect 

func (x *UpstreamSslConfig) ProtoReflect() protoreflect.Message

func (*UpstreamSslConfig) Reset 

func (x *UpstreamSslConfig) Reset()

func (*UpstreamSslConfig) String 

func (x *UpstreamSslConfig) String() string

type UpstreamSslConfig_Sds 

type UpstreamSslConfig_Sds struct {
	// Use secret discovery service.
	Sds *SDSConfig `protobuf:"bytes,4,opt,name=sds,proto3,oneof"`
}

type UpstreamSslConfig_SecretRef 

type UpstreamSslConfig_SecretRef struct {
	// SecretRef contains the secret ref to a gloo tls secret or a kubernetes tls secret.
	// gloo tls secret can contain a root ca as well if verification is needed.
	SecretRef *core.ResourceRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3,oneof"`
}

type UpstreamSslConfig_SslFiles 

type UpstreamSslConfig_SslFiles struct {
	// SSLFiles reference paths to certificates which are local to the proxy
	SslFiles *SSLFiles `protobuf:"bytes,2,opt,name=ssl_files,json=sslFiles,proto3,oneof"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.