Add "crl" field to CertificateValidationContext#249
Closed
adunham-stripe wants to merge 1 commit intoenvoyproxy:masterfrom
Closed
Add "crl" field to CertificateValidationContext#249adunham-stripe wants to merge 1 commit intoenvoyproxy:masterfrom
adunham-stripe wants to merge 1 commit intoenvoyproxy:masterfrom
Conversation
Signed-off-by: Andrew Dunham <adunham@stripe.com>
adunham-stripe
force-pushed
the
adunham/add-crl
branch
from
9501d1f to
795a2d9
Compare
ggreenway
requested changes
Nov 17, 2017
| // Must present signed certificate time-stamp. | ||
| google.protobuf.BoolValue require_signed_certificate_timestamp = 6; | ||
|
|
||
| // If specified, Envoy will verify certificates against this CRL. |
Member
There was a problem hiding this comment.
Are there multiple possible formats (anything besides PEM)? If so, please document the expected format.
| google.protobuf.BoolValue require_signed_certificate_timestamp = 6; | ||
|
|
||
| // If specified, Envoy will verify certificates against this CRL. | ||
| DataSource crl = 7; |
Member
There was a problem hiding this comment.
Per your other PR in which you mention having multiple CRLs, should this be repeated? (From an API perspective please future-proof it).
Member
|
Going to go ahead and close this for now. We can reopen when we want to work on this again. |
Contributor
Author
|
@mattklein123 @ggreenway - As per my comment on envoyproxy/envoy#2077, I decided not to add support for multiple CRL files. I did push a commit that adds docs, though! |
Member
|
@adunham-stripe like the other one I can't seem to reopen this. Do you mind opening a fresh PR? |
Contributor
Author
|
Done! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Required in order to verify CRLs in Envoy.