Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for VerifyCertAtClient (3.48 sec)

  2. github.com/istio/istio

    pilot/pkg/networking/core/cluster_tls.go 

    	}
}

// Set auto_sni if EnableAutoSni feature flag is enabled and if sni field is not explicitly set in DR.
// Set auto_san_validation if VerifyCertAtClient feature flag is enabled and if there is no explicit SubjectAltNames specified  in DR.
func (cb *ClusterBuilder) setAutoSniAndAutoSanValidation(mc *clusterWrapper, tls *networking.ClientTLSSettings) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Apr 18 19:09:43 UTC 2024
    - 19.2K bytes
    - Viewed (0)
  3. github.com/istio/istio

    pilot/pkg/networking/core/cluster_test.go 

    				Tls: &networking.ClientTLSSettings{
					CaCertificates: "",
				},
			},
			verifyCertAtClient: false,
			expectedCARootPath: "",
		},
	}

	for _, testCase := range testCases {
		t.Run(testCase.name, func(t *testing.T) {
			test.SetForTest(t, &features.VerifyCertAtClient, testCase.verifyCertAtClient)
			selectTrafficPolicyComponents(testCase.policy)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 01:56:28 UTC 2024
    - 108.8K bytes
    - Viewed (0)
  4. github.com/istio/istio

    pilot/pkg/networking/core/cluster_builder_test.go 

    		proxyView                 model.ProxyView
		destRule                  *networking.DestinationRule
		expectedCaCertificateName string
		enableVerifyCertAtClient  bool
	}{
		{
			name:        "VerifyCertAtClient set and destination rule with empty string CaCertificates",
			cluster:     &cluster.Cluster{Name: "foo", ClusterDiscoveryType: &cluster.Cluster_Type{Type: cluster.Cluster_EDS}},
			clusterMode: DefaultClusterMode,
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 01:56:28 UTC 2024
    - 110.4K bytes
    - Viewed (0)
  5. github.com/istio/istio

    pilot/pkg/features/pilot.go 

    	EnableAutoSni = env.Register("ENABLE_AUTO_SNI", true,
		"If enabled, automatically set SNI when `DestinationRules` do not specify the same").Get()

	VerifyCertAtClient = env.Register("VERIFY_CERTIFICATE_AT_CLIENT", true,
		"If enabled, certificates received by the proxy will be verified against the OS CA certificate bundle.").Get()
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 17:48:28 UTC 2024
    - 13.3K bytes
    - Viewed (0)
  6. github.com/istio/istio

    pilot/pkg/networking/core/cluster_traffic_policy.go 

    	outlierDetection := policy.OutlierDetection
	loadBalancer := policy.LoadBalancer
	tls := policy.Tls
	proxyProtocol := policy.ProxyProtocol

	// Check if CA Certificate should be System CA Certificate
	if features.VerifyCertAtClient && tls != nil && tls.CaCertificates == "" {
		tls.CaCertificates = "system"
	}

	return connectionPool, outlierDetection, loadBalancer, tls, proxyProtocol
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Apr 23 05:38:57 UTC 2024
    - 20K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pilot/pkg/networking/core/cluster_tls_test.go 

    				err: nil,
			},
		},
	}
	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			test.SetForTest(t, &features.EnableAutoSni, tc.enableAutoSni)
			test.SetForTest(t, &features.VerifyCertAtClient, tc.enableVerifyCertAtClient)
			var proxy *model.Proxy
			if tc.router {
				proxy = newGatewayProxy()
			} else {
				proxy = newSidecarProxy()
			}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon May 06 03:53:05 UTC 2024
    - 60.9K bytes
    - Viewed (0)
Back to top