Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
- data TlsValidationContext = TlsValidationContext' {}
- newTlsValidationContext :: TlsValidationContextTrust -> TlsValidationContext
- tlsValidationContext_subjectAlternativeNames :: Lens' TlsValidationContext (Maybe SubjectAlternativeNames)
- tlsValidationContext_trust :: Lens' TlsValidationContext TlsValidationContextTrust
Documentation
data TlsValidationContext
An object that represents how the proxy will validate its peer during Transport Layer Security (TLS) negotiation.
See: newTlsValidationContext smart constructor.
newTlsValidationContext
Create a value of TlsValidationContext with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:subjectAlternativeNames:TlsValidationContext', tlsValidationContext_subjectAlternativeNames - A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context. If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration. Because SPIRE-vended certificates have a SPIFFE ID as a name, which doesn't match the service discovery name, you must set the SAN.
$sel:trust:TlsValidationContext', tlsValidationContext_trust - A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.
tlsValidationContext_subjectAlternativeNames :: Lens' TlsValidationContext (Maybe SubjectAlternativeNames)
A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context. If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration. Because SPIRE-vended certificates have a SPIFFE ID as a name, which doesn't match the service discovery name, you must set the SAN.
tlsValidationContext_trust :: Lens' TlsValidationContext TlsValidationContextTrust
A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.
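Building a validation context for SPIRE-vended peer certificates with both fields set, as an added example that is not part of the generated documentation or of the library's own code. It assumes the sibling constructors and lenses of Amazonka.AppMesh.Types that this page does not show (newTlsValidationContextTrust, tlsValidationContextTrust_sds, newTlsValidationContextSdsTrust, newSubjectAlternativeNames, newSubjectAlternativeNameMatchers, subjectAlternativeNameMatchers_exact) and the lens package; spireValidationContext and pinsPeerIdentity are hypothetical helpers, and the secret name and SPIFFE ID are constructed sample values.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

-- Assumption: Amazonka.AppMesh.Types exports the related types, smart
-- constructors and lenses named below (only the TlsValidationContext ones
-- appear on this page).
import Amazonka.AppMesh.Types
import Control.Lens ((&), (.~), (?~), (^.))
import Data.Maybe (isJust)
import Data.Text (Text)

-- | Hypothetical helper: validation context for a peer whose certificate is
-- vended by SPIRE. The trust bundle comes from an SDS secret, and the
-- expected SPIFFE IDs are pinned as exact SAN matches. An empty list is
-- rejected so the SAN check is never left out.
spireValidationContext :: Text -> [Text] -> Either String TlsValidationContext
spireValidationContext sdsSecret spiffeIds
  | null spiffeIds = Left "refusing to build a validation context without SANs"
  | otherwise =
      Right $
        newTlsValidationContext trust
          & tlsValidationContext_subjectAlternativeNames ?~ sans
  where
    trust =
      newTlsValidationContextTrust
        & tlsValidationContextTrust_sds ?~ newTlsValidationContextSdsTrust sdsSecret
    sans =
      newSubjectAlternativeNames
        (newSubjectAlternativeNameMatchers
           & subjectAlternativeNameMatchers_exact .~ spiffeIds)

-- | Hypothetical audit check: does this context set SANs at all? A context
-- without them is the case the field documentation describes, where a
-- terminating endpoint does not verify the SAN on the client certificate.
pinsPeerIdentity :: TlsValidationContext -> Bool
pinsPeerIdentity ctx = isJust (ctx ^. tlsValidationContext_subjectAlternativeNames)

main :: IO ()
main = do
  -- Constructed sample values, not taken from the page.
  let built =
        spireValidationContext
          "spiffe://example.org"
          ["spiffe://example.org/ns/default/sa/backend"]
  putStrLn (either id (\ctx -> "SANs pinned: " <> show (pinsPeerIdentity ctx)) built)
  -- Trust only, all optional fields omitted: what newTlsValidationContext yields.
  let bare = newTlsValidationContext newTlsValidationContextTrust
  putStrLn ("bare context pins SANs: " <> show (pinsPeerIdentity bare))
```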