- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 20 for subjectAltNames (0.42 sec)
-
pilot/pkg/networking/core/cluster_tls.go
// Use subject alt names specified in service entry if TLS settings does not have subject alt names. if opts.serviceRegistry == provider.External && len(tls.SubjectAltNames) == 0 { tls = tls.DeepCopy() tls.SubjectAltNames = opts.serviceAccounts } if tls.CredentialName != "" { // If credential name is specified at Destination Rule config and originating node is egress gateway, create
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 19.2K bytes - Viewed (0) -
istioctl/pkg/writer/ztunnel/configdump/testdata/dump.json
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Apr 16 03:28:36 UTC 2024 - 33.1K bytes - Viewed (0) -
pilot/pkg/security/model/authentication.go
tlsOpts.CredentialName+SdsCaSuffix, credentialSocketExist), }, } } else if len(tlsOpts.SubjectAltNames) > 0 { tlsContext.ValidationContextType = &tls.CommonTlsContext_ValidationContext{ ValidationContext: &tls.CertificateValidationContext{ MatchSubjectAltNames: util.StringToExactMatch(tlsOpts.SubjectAltNames), }, } } } func EnforceGoCompliance(ctx *gotls.Config) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 22:11:02 UTC 2024 - 9.9K bytes - Viewed (0) -
pkg/bootstrap/option/convert.go
CombinedValidationContext: &auth.CommonTlsContext_CombinedCertificateValidationContext{ DefaultValidationContext: &auth.CertificateValidationContext{MatchSubjectAltNames: model.StringToExactMatch(tls.SubjectAltNames)}, ValidationContextSdsSecretConfig: model.ConstructSdsSecretConfig(res.GetRootResourceName()), }, } tlsContext.CommonTlsContext.AlpnProtocols = model.ALPNH2Only tlsContext.Sni = tls.Sni
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Apr 02 00:35:05 UTC 2024 - 10.2K bytes - Viewed (0) -
pkg/config/validation/agent/validation.go
// In tls simple mode, we can specify ca cert by CaCertificates or CredentialName. if settings.CaCertificates != "" || settings.CredentialName != "" || settings.SubjectAltNames != nil { errs = AppendErrors(errs, fmt.Errorf("cannot specify CaCertificates or CredentialName or SubjectAltNames when InsecureSkipVerify is set true")) } } if settings.Mode == networking.ClientTLSSettings_MUTUAL {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 30.9K bytes - Viewed (0) -
pilot/pkg/serviceregistry/serviceentry/conversion.go
Addresses: svc.GetAddresses(proxy), // This is based on alpha.istio.io/canonical-serviceaccounts and // alpha.istio.io/kubernetes-serviceaccounts. SubjectAltNames: svc.ServiceAccounts, } if len(svc.Attributes.LabelSelectors) > 0 { se.WorkloadSelector = &networking.WorkloadSelector{Labels: svc.Attributes.LabelSelectors} }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 02:03:58 UTC 2024 - 16.9K bytes - Viewed (0) -
tests/integration/security/file_mounted_certs/main_test.go
func setupApps(ctx resource.Context, customNs namespace.Getter, customCfg *[]echo.Config) error { appsNamespace := customNs.Get() // Server certificate has "server.file-mounted.svc" in SANs; Same is expected in DestinationRule.subjectAltNames for the test Echo server // This cert is going to be used as a server and "client" certificate on the "Echo Server"'s side err := CreateCustomSecret(ctx, ServerSecretName, appsNamespace, ServerCertsPath) if err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 13.4K bytes - Viewed (0) -
manifests/charts/gateways/istio-ingress/values.yaml
# privateKey: # example: /etc/istio/tracer/key.pem # caCertificates: # example: /etc/istio/tracer/root-cert.pem # sni: # example: tracer.somedomain # subjectAltNames: []
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 27 16:55:16 UTC 2024 - 13K bytes - Viewed (0) -
staging/src/k8s.io/api/certificates/v1/types_swagger_doc_generated.go
signer defines:\n 1. Trust distribution: how trust (CA bundles) are distributed.\n 2. Permitted subjects: and behavior when a disallowed subject is requested.\n 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.\n 4. Required, permitted, or forbidden key usages / extended key usages.\n 5. Expiration/certificate lifetime: whether it is fixed...
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sun Jan 22 00:51:25 UTC 2023 - 10.9K bytes - Viewed (0) -
staging/src/k8s.io/api/certificates/v1/generated.proto
// 2. Permitted subjects: and behavior when a disallowed subject is requested. // 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. // 4. Required, permitted, or forbidden key usages / extended key usages.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 28 15:34:11 UTC 2024 - 11.6K bytes - Viewed (0)