internal: refactor addition of upstreamTLS to commonTlsContext
Signed-off-by: Clay Kauzlaric <[email protected]>
KauzClay committed Oct 13, 2023
1 parent e83241b commit cdcbb81
Showing 1 changed file with 8 additions and 11 deletions.
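--- a/internal/envoy/v3/auth.go
+++ b/internal/envoy/v3/auth.go
@@ -34,25 +34,22 @@ func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni st
 }}
 }
 
-tlsParams := &envoy_v3_tls.TlsParameters{}
-
-if upstreamTLS != nil {
-tlsParams = &envoy_v3_tls.TlsParameters{
-TlsMinimumProtocolVersion: ParseTLSVersion(upstreamTLS.MinimumProtocolVersion),
-TlsMaximumProtocolVersion: ParseTLSVersion(upstreamTLS.MaximumProtocolVersion),
-CipherSuites: tlsParams.CipherSuites,
-}
-}
-
 context := &envoy_v3_tls.UpstreamTlsContext{
 CommonTlsContext: &envoy_v3_tls.CommonTlsContext{
-TlsParams: tlsParams,
 AlpnProtocols: alpnProtocols,
 TlsCertificateSdsSecretConfigs: clientSecretConfigs,
 },
 Sni: sni,
 }
 
+if upstreamTLS != nil {
+context.CommonTlsContext.TlsParams = &envoy_v3_tls.TlsParameters{
+TlsMinimumProtocolVersion: ParseTLSVersion(upstreamTLS.MinimumProtocolVersion),
+TlsMaximumProtocolVersion: ParseTLSVersion(upstreamTLS.MaximumProtocolVersion),
+CipherSuites: upstreamTLS.CipherSuites,
+}
+}
+
 if peerValidationContext.GetCACertificate() != nil && len(peerValidationContext.GetSubjectName()) > 0 {
 // We have to explicitly assign the value from validationContext
 // to context.CommonTlsContext.ValidationContextType because the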
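Review bot: The `if upstreamTLS != nil` block that assigns `context.CommonTlsContext.TlsParams` has no comment covering the nil path, where `TlsParams` is now left unset rather than pointing at an empty `TlsParameters{}`, so upstream connections fall back to Envoy's default protocol versions and cipher suites; a line such as `// TlsParams stays nil when no upstream TLS settings are configured; Envoy then applies its defaults.` above the `if` would record that. The same block reads `CipherSuites: upstreamTLS.CipherSuites`, whereas the `tlsParams` variant on this page reads `CipherSuites: tlsParams.CipherSuites` from a freshly created empty struct, so configured suites appear to reach the upstream context only with this form. That changes what is negotiated with backends in a commit titled as a refactor, and no test is visible in this section that pins the propagated `CipherSuites` or the nil case. `UpstreamTLSContext` starts and continues outside the hunk, so any validation of the minimum/maximum version pair would have to be confirmed there or in `ParseTLSVersion`.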
