package envoy.extensions.rbac.principals.mtls_authenticated.v3

Get desktop application:
View/edit binary Protocol Buffers messages

Authentication attributes for a downstream mTLS connection. All modes require that a peer certificate was presented and validated using the ValidationContext in the DownstreamTlsContext configuration. If neither field is set, a configuration loading error will be generated. This is so that not validating SANs requires an affirmative configuration to disable, to prevent accidentally not configuring SAN validation. If ``any_validated_client_certificate`` is set in addition to ``san_matcher`` or a future field which specifies additional validation, the other field always takes precedence over ``any_validated_client_certificate`` and all specified validation is performed.

optional transport_sockets.tls.v3.SubjectAltNameMatcher san_matcher = 1
Specifies a SAN that must be present in the validated peer certificate.
bool any_validated_client_certificate = 2
Only require that the peer certificate is present and valid.

package envoy.extensions.rbac.principals.mtls_authenticated.v3

message Config

optional transport_sockets.tls.v3.SubjectAltNameMatcher san_matcher = 1

bool any_validated_client_certificate = 2