Documentation

Index

Constants

This section is empty.

Variables

// TlsParameters_TlsProtocol_name translates a TlsParameters_TlsProtocol enum
// number into its proto name.
//
// Security note: TLSv1_0 (1) and TLSv1_1 (2) are the legacy protocol versions
// deprecated by RFC 8996, so a configuration that names either of them deserves
// review. TLS_AUTO is number 0 and is therefore what an unset proto3 field
// decodes to; which concrete versions it resolves to is decided by Envoy and is
// not visible in this table.
var TlsParameters_TlsProtocol_name = map[int32]string{
	0: "TLS_AUTO",
	1: "TLSv1_0",
	2: "TLSv1_1",
	3: "TLSv1_2",
	4: "TLSv1_3",
}

// TlsParameters_TlsProtocol_value is the inverse table: proto name to enum
// number. A name that is absent from the map yields 0 (TLS_AUTO) on a plain
// index, so use the two-value form when a name comes from configuration text.
var TlsParameters_TlsProtocol_value = map[string]int32{
	"TLS_AUTO": 0,
	"TLSv1_0":  1,
	"TLSv1_1":  2,
	"TLSv1_2":  3,
	"TLSv1_3":  4,
}

    Enum value maps for TlsParameters_TlsProtocol.

    // CertificateValidationContext_TrustChainVerification_name translates a
    // trust chain verification enum number into its proto name.
    //
    // Security note: VERIFY_TRUST_CHAIN is number 0, i.e. what an unset proto3
    // field decodes to. ACCEPT_UNTRUSTED (1) is the mode under which a connection
    // whose certificate fails verification is still permitted, so it is the value
    // to search for when auditing configurations.
    var CertificateValidationContext_TrustChainVerification_name = map[int32]string{
    	0: "VERIFY_TRUST_CHAIN",
    	1: "ACCEPT_UNTRUSTED",
    }

    // CertificateValidationContext_TrustChainVerification_value is the inverse
    // table: proto name to enum number.
    var CertificateValidationContext_TrustChainVerification_value = map[string]int32{
    	"VERIFY_TRUST_CHAIN": 0,
    	"ACCEPT_UNTRUSTED":   1,
    }

      Enum value maps for CertificateValidationContext_TrustChainVerification.

      // DownstreamTlsContext_OcspStaplePolicy_name translates an OCSP staple policy
      // enum number into its proto name. LENIENT_STAPLING is number 0 and is
      // therefore what an unset proto3 field decodes to; what each policy enforces
      // is not stated in this table and should be read from the
      // DownstreamTlsContext_OcspStaplePolicy documentation.
      var DownstreamTlsContext_OcspStaplePolicy_name = map[int32]string{
      	0: "LENIENT_STAPLING",
      	1: "STRICT_STAPLING",
      	2: "MUST_STAPLE",
      }

      // DownstreamTlsContext_OcspStaplePolicy_value is the inverse table: proto
      // name to enum number.
      var DownstreamTlsContext_OcspStaplePolicy_value = map[string]int32{
      	"LENIENT_STAPLING": 0,
      	"STRICT_STAPLING":  1,
      	"MUST_STAPLE":      2,
      }

        Enum value maps for DownstreamTlsContext_OcspStaplePolicy.

        var File_envoy_extensions_transport_sockets_tls_v3_cert_proto protoreflect.FileDescriptor
        var File_envoy_extensions_transport_sockets_tls_v3_common_proto protoreflect.FileDescriptor
        var File_envoy_extensions_transport_sockets_tls_v3_secret_proto protoreflect.FileDescriptor
        var File_envoy_extensions_transport_sockets_tls_v3_tls_proto protoreflect.FileDescriptor

        Functions

        This section is empty.

        Types

        type CertificateValidationContext

        // CertificateValidationContext describes how a presented peer certificate is
        // checked: the trusted CA bundle, SPKI and certificate hash pins, Subject
        // Alternative Name matchers, CRLs, expiry handling and the trust chain
        // verification mode. Several fields below relax verification when set
        // (AllowExpiredCertificate, TrustChainVerification) or when left unset
        // (TrustedCa); each carries a review note.
        type CertificateValidationContext struct {
        
        	// TLS certificate data containing certificate authority certificates to use in verifying
        	// a presented peer certificate (e.g. server certificate for clusters or client certificate
        	// for listeners). If not specified and a peer certificate is presented it will not be
        	// verified. By default, a client certificate is optional, unless one of the additional
        	// options (:ref:`require_client_certificate
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.require_client_certificate>`,
        	// :ref:`verify_certificate_spki
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>`,
        	// :ref:`verify_certificate_hash
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>`, or
        	// :ref:`match_subject_alt_names
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.match_subject_alt_names>`) is also
        	// specified.
        	//
        	// It can optionally contain certificate revocation lists, in which case Envoy will verify
        	// that the presented peer certificate has not been revoked by one of the included CRLs. Note
        	// that if a CRL is provided for any certificate authority in a trust chain, a CRL must be
        	// provided for all certificate authorities in that chain. Failure to do so will result in
        	// verification failure for both revoked and unrevoked certificates from that chain.
        	//
        	// See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
        	// system CA locations.
        	//
        	// NOTE(review): as stated above, leaving trusted_ca unset means a presented peer
        	// certificate is not verified against any CA. When auditing a configuration, treat a
        	// validation context without trusted_ca as one that does not authenticate the peer's
        	// chain, and check whether that is intended.
        	TrustedCa *v3.DataSource `protobuf:"bytes,1,opt,name=trusted_ca,json=trustedCa,proto3" json:"trusted_ca,omitempty"`
        	// An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the
        	// SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate
        	// matches one of the specified values.
        	//
        	// A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate
        	// can be generated with the following command:
        	//
        	// .. code-block:: bash
        	//
        	//   $ openssl x509 -in path/to/client.crt -noout -pubkey
        	//     | openssl pkey -pubin -outform DER
        	//     | openssl dgst -sha256 -binary
        	//     | openssl enc -base64
        	//   NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A=
        	//
        	// (The command above is one pipeline wrapped across four lines; enter it on a single
        	// line, or end each wrapped line with a backslash, before running it.)
        	//
        	// This is the format used in HTTP Public Key Pinning.
        	//
        	// When both:
        	// :ref:`verify_certificate_hash
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and
        	// :ref:`verify_certificate_spki
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified,
        	// a hash matching value from either of the lists will result in the certificate being accepted.
        	//
        	// .. attention::
        	//
        	//   This option is preferred over :ref:`verify_certificate_hash
        	//   <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>`,
        	//   because SPKI is tied to a private key, so it doesn't change when the certificate
        	//   is renewed using the same private key.
        	//
        	// NOTE(review): the two pin lists are OR-ed (see "When both" above), so a stale entry
        	// left in either list keeps being accepted; prune both lists when a key is retired.
        	VerifyCertificateSpki []string `` /* 126-byte string literal not displayed */
        	// An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
        	// the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
        	//
        	// A hex-encoded SHA-256 of the certificate can be generated with the following command:
        	//
        	// .. code-block:: bash
        	//
        	//   $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2
        	//   df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a
        	//
        	// A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate
        	// can be generated with the following command:
        	//
        	// .. code-block:: bash
        	//
        	//   $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2
        	//   DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A
        	//
        	// Both of those formats are acceptable.
        	//
        	// When both:
        	// :ref:`verify_certificate_hash
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and
        	// :ref:`verify_certificate_spki
        	// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified,
        	// a hash matching value from either of the lists will result in the certificate being accepted.
        	//
        	// NOTE(review): this pin covers the whole DER-encoded certificate, so it has to be
        	// replaced whenever the certificate is reissued, unlike the SPKI pin, which survives a
        	// renewal that keeps the same key. Plan pin rotation together with certificate renewal.
        	VerifyCertificateHash []string `` /* 126-byte string literal not displayed */
        	// An optional list of Subject Alternative name matchers. Envoy will verify that the
        	// Subject Alternative Name of the presented certificate matches one of the specified matchers.
        	//
        	// When a certificate has wildcard DNS SAN entries, to match a specific client, it should be
        	// configured with exact match type in the :ref:`string matcher <envoy_api_msg_type.matcher.v3.StringMatcher>`.
        	// For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com",
        	// it should be configured as shown below.
        	//
        	// .. code-block:: yaml
        	//
        	//  match_subject_alt_names:
        	//    exact: "api.example.com"
        	//
        	// .. attention::
        	//
        	//   Subject Alternative Names are easily spoofable and verifying only them is insecure,
        	//   therefore this option must be used together with :ref:`trusted_ca
        	//   <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
        	MatchSubjectAltNames []*v31.StringMatcher `protobuf:"bytes,9,rep,name=match_subject_alt_names,json=matchSubjectAltNames,proto3" json:"match_subject_alt_names,omitempty"`
        	// [#not-implemented-hide:] Must present signed certificate time-stamp.
        	//
        	// NOTE(review): the not-implemented-hide tag suggests this field is not enforced; do not
        	// rely on it to require SCTs without confirming against the Envoy version in use.
        	RequireSignedCertificateTimestamp *wrappers.BoolValue `` /* 164-byte string literal not displayed */
        	// An optional `certificate revocation list
        	// <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
        	// (in PEM format). If specified, Envoy will verify that the presented peer
        	// certificate has not been revoked by this CRL. If this DataSource contains
        	// multiple CRLs, all of them will be used. Note that if a CRL is provided
        	// for any certificate authority in a trust chain, a CRL must be provided
        	// for all certificate authorities in that chain. Failure to do so will
        	// result in verification failure for both revoked and unrevoked certificates
        	// from that chain.
        	Crl *v3.DataSource `protobuf:"bytes,7,opt,name=crl,proto3" json:"crl,omitempty"`
        	// If specified, Envoy will not reject expired certificates.
        	//
        	// NOTE(review): setting this removes the validity-period check, so a certificate that
        	// is past its expiry date keeps being accepted. Treat it as an exception that needs a
        	// documented reason and an end date.
        	AllowExpiredCertificate bool `` /* 133-byte string literal not displayed */
        	// Certificate trust chain verification mode.
        	//
        	// NOTE(review): the enum on this page has two values, VERIFY_TRUST_CHAIN (0) and
        	// ACCEPT_UNTRUSTED (1); the latter permits connections whose certificate fails
        	// verification, so any configuration that sets it should be reviewed.
        	TrustChainVerification CertificateValidationContext_TrustChainVerification `` /* 230-byte string literal not displayed */
        	// Deprecated: Do not use.
        	HiddenEnvoyDeprecatedVerifySubjectAltName []string `` /* 194-byte string literal not displayed */
        	// contains filtered or unexported fields
        }

          [#next-free-field: 11]

          func (*CertificateValidationContext) Descriptor

          func (*CertificateValidationContext) Descriptor() ([]byte, []int)

            Deprecated: Use CertificateValidationContext.ProtoReflect.Descriptor instead.

            func (*CertificateValidationContext) GetAllowExpiredCertificate

            func (x *CertificateValidationContext) GetAllowExpiredCertificate() bool

            func (*CertificateValidationContext) GetCrl

            func (*CertificateValidationContext) GetHiddenEnvoyDeprecatedVerifySubjectAltName

            func (x *CertificateValidationContext) GetHiddenEnvoyDeprecatedVerifySubjectAltName() []string

              Deprecated: Do not use.

              func (*CertificateValidationContext) GetMatchSubjectAltNames

              func (x *CertificateValidationContext) GetMatchSubjectAltNames() []*v31.StringMatcher

              func (*CertificateValidationContext) GetRequireSignedCertificateTimestamp

              func (x *CertificateValidationContext) GetRequireSignedCertificateTimestamp() *wrappers.BoolValue

              func (*CertificateValidationContext) GetTrustChainVerification

              func (*CertificateValidationContext) GetTrustedCa

              func (x *CertificateValidationContext) GetTrustedCa() *v3.DataSource

              func (*CertificateValidationContext) GetVerifyCertificateHash

              func (x *CertificateValidationContext) GetVerifyCertificateHash() []string

              func (*CertificateValidationContext) GetVerifyCertificateSpki

              func (x *CertificateValidationContext) GetVerifyCertificateSpki() []string

              func (*CertificateValidationContext) ProtoMessage

              func (*CertificateValidationContext) ProtoMessage()

              func (*CertificateValidationContext) ProtoReflect

              func (*CertificateValidationContext) Reset

              func (x *CertificateValidationContext) Reset()

              func (*CertificateValidationContext) String

              func (*CertificateValidationContext) Validate

              func (m *CertificateValidationContext) Validate() error

                Validate checks the field values on CertificateValidationContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                type CertificateValidationContextValidationError

                // CertificateValidationContextValidationError is the validation error returned by
                // CertificateValidationContext.Validate if the designated constraints aren't met.
                // Its fields are not exported; the Cause, Error, ErrorName, Field, Key and Reason
                // methods listed for this type are the way to inspect it.
                type CertificateValidationContextValidationError struct {
                	// contains filtered or unexported fields
                }

                  CertificateValidationContextValidationError is the validation error returned by CertificateValidationContext.Validate if the designated constraints aren't met.

                  func (CertificateValidationContextValidationError) Cause

                    Cause function returns cause value.

                    func (CertificateValidationContextValidationError) Error

                      Error satisfies the builtin error interface

                      func (CertificateValidationContextValidationError) ErrorName

                        ErrorName returns error name.

                        func (CertificateValidationContextValidationError) Field

                          Field function returns field value.

                          func (CertificateValidationContextValidationError) Key

                            Key function returns key value.

                            func (CertificateValidationContextValidationError) Reason

                              Reason function returns reason value.

                              type CertificateValidationContext_TrustChainVerification

                              // CertificateValidationContext_TrustChainVerification is the int32-backed enum that
                              // selects the peer certificate verification mode.
                              type CertificateValidationContext_TrustChainVerification int32

                                Peer certificate verification mode.

                                // Values of CertificateValidationContext_TrustChainVerification.
                                const (
                                	// Perform default certificate verification (e.g., against CA / verification lists)
                                	// Value 0, i.e. what an unset proto3 field decodes to.
                                	CertificateValidationContext_VERIFY_TRUST_CHAIN CertificateValidationContext_TrustChainVerification = 0
                                	// Connections where the certificate fails verification will be permitted.
                                	// For HTTP connections, the result of certificate verification can be used in route matching. (
                                	// see :ref:`validated <envoy_api_field_config.route.v3.RouteMatch.TlsContextMatchOptions.validated>` ).
                                	//
                                	// Security note: in this mode a failed verification no longer blocks the connection,
                                	// so the TLS layer alone does not authenticate the peer. Any access decision has to
                                	// be made elsewhere, for example by the route matching on `validated` referenced above.
                                	CertificateValidationContext_ACCEPT_UNTRUSTED CertificateValidationContext_TrustChainVerification = 1
                                )

                                func (CertificateValidationContext_TrustChainVerification) Descriptor

                                func (CertificateValidationContext_TrustChainVerification) Enum

                                func (CertificateValidationContext_TrustChainVerification) EnumDescriptor

                                  Deprecated: Use CertificateValidationContext_TrustChainVerification.Descriptor instead.

                                  func (CertificateValidationContext_TrustChainVerification) Number

                                  func (CertificateValidationContext_TrustChainVerification) String

                                  func (CertificateValidationContext_TrustChainVerification) Type

                                  type CommonTlsContext

                                  // CommonTlsContext holds the TLS settings shared by client and server TLS
                                  // contexts: protocol parameters, the certificates to present and how they are
                                  // fetched, the peer validation context, ALPN protocols and an optional custom
                                  // handshaker.
                                  type CommonTlsContext struct {
                                  
                                  	// TLS protocol versions, cipher suites etc.
                                  	//
                                  	// NOTE(review): presumably an unset value leaves version and cipher selection to
                                  	// Envoy's defaults; confirm what those are for the deployed version.
                                  	TlsParams *TlsParameters `protobuf:"bytes,1,opt,name=tls_params,json=tlsParams,proto3" json:"tls_params,omitempty"`
                                  	// :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
                                  	// same context to allow both RSA and ECDSA certificates.
                                  	//
                                  	// Only a single TLS certificate is supported in client contexts. In server contexts, the first
                                  	// RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
                                  	// used for clients that support ECDSA.
                                  	TlsCertificates []*TlsCertificate `protobuf:"bytes,2,rep,name=tls_certificates,json=tlsCertificates,proto3" json:"tls_certificates,omitempty"`
                                  	// Configs for fetching TLS certificates via SDS API. Note SDS API allows certificates to be
                                  	// fetched/refreshed over the network asynchronously with respect to the TLS handshake.
                                  	TlsCertificateSdsSecretConfigs []*SdsSecretConfig `` /* 157-byte string literal not displayed */
                                  	// Certificate provider for fetching TLS certificates.
                                  	// [#not-implemented-hide:]
                                  	TlsCertificateCertificateProvider *CommonTlsContext_CertificateProvider `` /* 164-byte string literal not displayed */
                                  	// Certificate provider instance for fetching TLS certificates.
                                  	// [#not-implemented-hide:]
                                  	TlsCertificateCertificateProviderInstance *CommonTlsContext_CertificateProviderInstance `` /* 191-byte string literal not displayed */
                                  	// Types that are assignable to ValidationContextType:
                                  	//	*CommonTlsContext_ValidationContext
                                  	//	*CommonTlsContext_ValidationContextSdsSecretConfig
                                  	//	*CommonTlsContext_CombinedValidationContext
                                  	//	*CommonTlsContext_ValidationContextCertificateProvider
                                  	//	*CommonTlsContext_ValidationContextCertificateProviderInstance
                                  	//
                                  	// NOTE(review): this oneof is where peer certificate validation is configured.
                                  	// Presumably leaving it unset means no validation context applies to the
                                  	// connection; confirm, and check for it when auditing a configuration.
                                  	ValidationContextType isCommonTlsContext_ValidationContextType `protobuf_oneof:"validation_context_type"`
                                  	// Supplies the list of ALPN protocols that the listener should expose. In
                                  	// practice this is likely to be set to one of two values (see the
                                  	// :ref:`codec_type
                                  	// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.codec_type>`
                                  	// parameter in the HTTP connection manager for more information):
                                  	//
                                  	// * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
                                  	// * "http/1.1" If the listener is only going to support HTTP/1.1.
                                  	//
                                  	// There is no default for this parameter. If empty, Envoy will not expose ALPN.
                                  	AlpnProtocols []string `protobuf:"bytes,4,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
                                  	// Custom TLS handshaker. If empty, defaults to native TLS handshaking
                                  	// behavior.
                                  	//
                                  	// NOTE(review): a custom handshaker replaces the native handshake, so the
                                  	// extension named here should be reviewed as security-critical code.
                                  	CustomHandshaker *v3.TypedExtensionConfig `protobuf:"bytes,13,opt,name=custom_handshaker,json=customHandshaker,proto3" json:"custom_handshaker,omitempty"`
                                  	// contains filtered or unexported fields
                                  }

                                    TLS context shared by both client and server TLS contexts. [#next-free-field: 14]

                                    func (*CommonTlsContext) Descriptor

                                    func (*CommonTlsContext) Descriptor() ([]byte, []int)

                                      Deprecated: Use CommonTlsContext.ProtoReflect.Descriptor instead.

                                      func (*CommonTlsContext) GetAlpnProtocols

                                      func (x *CommonTlsContext) GetAlpnProtocols() []string

                                      func (*CommonTlsContext) GetCombinedValidationContext

                                      func (*CommonTlsContext) GetCustomHandshaker

                                      func (x *CommonTlsContext) GetCustomHandshaker() *v3.TypedExtensionConfig

                                      func (*CommonTlsContext) GetTlsCertificateCertificateProvider

                                      func (x *CommonTlsContext) GetTlsCertificateCertificateProvider() *CommonTlsContext_CertificateProvider

                                      func (*CommonTlsContext) GetTlsCertificateCertificateProviderInstance

                                      func (x *CommonTlsContext) GetTlsCertificateCertificateProviderInstance() *CommonTlsContext_CertificateProviderInstance

                                      func (*CommonTlsContext) GetTlsCertificateSdsSecretConfigs

                                      func (x *CommonTlsContext) GetTlsCertificateSdsSecretConfigs() []*SdsSecretConfig

                                      func (*CommonTlsContext) GetTlsCertificates

                                      func (x *CommonTlsContext) GetTlsCertificates() []*TlsCertificate

                                      func (*CommonTlsContext) GetTlsParams

                                      func (x *CommonTlsContext) GetTlsParams() *TlsParameters

                                      func (*CommonTlsContext) GetValidationContext

                                      func (x *CommonTlsContext) GetValidationContext() *CertificateValidationContext

                                      func (*CommonTlsContext) GetValidationContextCertificateProvider

                                      func (x *CommonTlsContext) GetValidationContextCertificateProvider() *CommonTlsContext_CertificateProvider

                                      func (*CommonTlsContext) GetValidationContextCertificateProviderInstance

                                      func (x *CommonTlsContext) GetValidationContextCertificateProviderInstance() *CommonTlsContext_CertificateProviderInstance

                                      func (*CommonTlsContext) GetValidationContextSdsSecretConfig

                                      func (x *CommonTlsContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig

                                      func (*CommonTlsContext) GetValidationContextType

                                      func (m *CommonTlsContext) GetValidationContextType() isCommonTlsContext_ValidationContextType

                                      func (*CommonTlsContext) ProtoMessage

                                      func (*CommonTlsContext) ProtoMessage()

                                      func (*CommonTlsContext) ProtoReflect

                                      func (x *CommonTlsContext) ProtoReflect() protoreflect.Message

                                      func (*CommonTlsContext) Reset

                                      func (x *CommonTlsContext) Reset()

                                      func (*CommonTlsContext) String

                                      func (x *CommonTlsContext) String() string

                                      func (*CommonTlsContext) Validate

                                      func (m *CommonTlsContext) Validate() error

                                        Validate checks the field values on CommonTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                        type CommonTlsContextValidationError

                                        // CommonTlsContextValidationError is the validation error returned by
                                        // CommonTlsContext.Validate if the designated constraints aren't met.
                                        type CommonTlsContextValidationError struct {
                                        	// contains filtered or unexported fields
                                        }

                                          CommonTlsContextValidationError is the validation error returned by CommonTlsContext.Validate if the designated constraints aren't met.

                                          func (CommonTlsContextValidationError) Cause

                                            Cause function returns cause value.

                                            func (CommonTlsContextValidationError) Error

                                              Error satisfies the builtin error interface

                                              func (CommonTlsContextValidationError) ErrorName

                                                ErrorName returns error name.

                                                func (CommonTlsContextValidationError) Field

                                                  Field function returns field value.

                                                  func (CommonTlsContextValidationError) Key

                                                    Key function returns key value.

                                                    func (CommonTlsContextValidationError) Reason

                                                      Reason function returns reason value.

                                                      type CommonTlsContext_CertificateProvider

                                                      // CommonTlsContext_CertificateProvider is the config for a certificate provider
                                                      // used to obtain certificates. The provider should allow certificates to be
                                                      // fetched/refreshed over the network asynchronously with respect to the TLS
                                                      // handshake.
                                                      type CommonTlsContext_CertificateProvider struct {
                                                      
                                                      	// Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify
                                                      	// a root-certificate (validation context) or "TLS" to specify a new tls-certificate.
                                                      	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
                                                      	// Provider specific config.
                                                      	// Note: an implementation is expected to dedup multiple instances of the same config
                                                      	// to maintain a single certificate-provider instance. The sharing can happen, for
                                                      	// example, among multiple clusters or between the tls_certificate and validation_context
                                                      	// certificate providers of a cluster.
                                                      	// This config could be supplied inline or (in future) a named xDS resource.
                                                      	//
                                                      	// Types that are assignable to Config:
                                                      	//	*CommonTlsContext_CertificateProvider_TypedConfig
                                                      	Config isCommonTlsContext_CertificateProvider_Config `protobuf_oneof:"config"`
                                                      	// contains filtered or unexported fields
                                                      }

                                                        Config for Certificate provider to get certificates. This provider should allow certificates to be fetched/refreshed over the network asynchronously with respect to the TLS handshake.

                                                        func (*CommonTlsContext_CertificateProvider) Descriptor

                                                        func (*CommonTlsContext_CertificateProvider) Descriptor() ([]byte, []int)

                                                          Deprecated: Use CommonTlsContext_CertificateProvider.ProtoReflect.Descriptor instead.

                                                          func (*CommonTlsContext_CertificateProvider) GetConfig

                                                          func (m *CommonTlsContext_CertificateProvider) GetConfig() isCommonTlsContext_CertificateProvider_Config

                                                          func (*CommonTlsContext_CertificateProvider) GetName

                                                          func (*CommonTlsContext_CertificateProvider) GetTypedConfig

                                                          func (*CommonTlsContext_CertificateProvider) ProtoMessage

                                                          func (*CommonTlsContext_CertificateProvider) ProtoMessage()

                                                          func (*CommonTlsContext_CertificateProvider) ProtoReflect

                                                          func (*CommonTlsContext_CertificateProvider) Reset

                                                          func (*CommonTlsContext_CertificateProvider) String

                                                          func (*CommonTlsContext_CertificateProvider) Validate

                                                            Validate checks the field values on CommonTlsContext_CertificateProvider with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                            type CommonTlsContext_CertificateProviderInstance

                                                            // CommonTlsContext_CertificateProviderInstance refers to a certificate provider
                                                            // instance that is configured on the client side (e.g. in a bootstrap file)
                                                            // instead of being sent from the control plane.
                                                            type CommonTlsContext_CertificateProviderInstance struct {
                                                            
                                                            	// Provider instance name. This name must be defined in the client's configuration (e.g., a
                                                            	// bootstrap file) to correspond to a provider instance (i.e., the same data in the typed_config
                                                            	// field that would be sent in the CertificateProvider message if the config was sent by the
                                                            	// control plane). If not present, defaults to "default".
                                                            	//
                                                            	// Instance names should generally be defined not in terms of the underlying provider
                                                            	// implementation (e.g., "file_watcher") but rather in terms of the function of the
                                                            	// certificates (e.g., "foo_deployment_identity").
                                                            	InstanceName string `protobuf:"bytes,1,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"`
                                                            	// Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify
                                                            	// a root-certificate (validation context) or "example.com" to specify a certificate for a
                                                            	// particular domain. Not all provider instances will actually use this field, so the value
                                                            	// defaults to the empty string.
                                                            	CertificateName string `protobuf:"bytes,2,opt,name=certificate_name,json=certificateName,proto3" json:"certificate_name,omitempty"`
                                                            	// contains filtered or unexported fields
                                                            }

                                                              Similar to CertificateProvider above, but allows the provider instances to be configured on the client side instead of being sent from the control plane.

                                                              func (*CommonTlsContext_CertificateProviderInstance) Descriptor

                                                                Deprecated: Use CommonTlsContext_CertificateProviderInstance.ProtoReflect.Descriptor instead.

                                                                func (*CommonTlsContext_CertificateProviderInstance) GetCertificateName

                                                                func (x *CommonTlsContext_CertificateProviderInstance) GetCertificateName() string

                                                                func (*CommonTlsContext_CertificateProviderInstance) GetInstanceName

                                                                func (*CommonTlsContext_CertificateProviderInstance) ProtoMessage

                                                                func (*CommonTlsContext_CertificateProviderInstance) ProtoReflect

                                                                func (*CommonTlsContext_CertificateProviderInstance) Reset

                                                                func (*CommonTlsContext_CertificateProviderInstance) String

                                                                func (*CommonTlsContext_CertificateProviderInstance) Validate

                                                                  Validate checks the field values on CommonTlsContext_CertificateProviderInstance with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                  type CommonTlsContext_CertificateProviderInstanceValidationError

                                                                  type CommonTlsContext_CertificateProviderInstanceValidationError struct {
                                                                  	// contains filtered or unexported fields
                                                                  }

                                                                    CommonTlsContext_CertificateProviderInstanceValidationError is the validation error returned by CommonTlsContext_CertificateProviderInstance.Validate if the designated constraints aren't met.

                                                                    func (CommonTlsContext_CertificateProviderInstanceValidationError) Cause

                                                                      Cause function returns cause value.

                                                                      func (CommonTlsContext_CertificateProviderInstanceValidationError) Error

                                                                        Error satisfies the builtin error interface

                                                                        func (CommonTlsContext_CertificateProviderInstanceValidationError) ErrorName

                                                                          ErrorName returns error name.

                                                                          func (CommonTlsContext_CertificateProviderInstanceValidationError) Field

                                                                            Field function returns field value.

                                                                            func (CommonTlsContext_CertificateProviderInstanceValidationError) Key

                                                                              Key function returns key value.

                                                                              func (CommonTlsContext_CertificateProviderInstanceValidationError) Reason

                                                                                Reason function returns reason value.

                                                                                type CommonTlsContext_CertificateProviderValidationError

                                                                                type CommonTlsContext_CertificateProviderValidationError struct {
                                                                                	// contains filtered or unexported fields
                                                                                }

                                                                                  CommonTlsContext_CertificateProviderValidationError is the validation error returned by CommonTlsContext_CertificateProvider.Validate if the designated constraints aren't met.

                                                                                  func (CommonTlsContext_CertificateProviderValidationError) Cause

                                                                                    Cause function returns cause value.

                                                                                    func (CommonTlsContext_CertificateProviderValidationError) Error

                                                                                      Error satisfies the builtin error interface

                                                                                      func (CommonTlsContext_CertificateProviderValidationError) ErrorName

                                                                                        ErrorName returns error name.

                                                                                        func (CommonTlsContext_CertificateProviderValidationError) Field

                                                                                          Field function returns field value.

                                                                                          func (CommonTlsContext_CertificateProviderValidationError) Key

                                                                                            Key function returns key value.

                                                                                            func (CommonTlsContext_CertificateProviderValidationError) Reason

                                                                                              Reason function returns reason value.

                                                                                              type CommonTlsContext_CertificateProvider_TypedConfig

                                                                                              // CommonTlsContext_CertificateProvider_TypedConfig is the wrapper type for the typed_config
                                                                                              // case of a oneof (see the `oneof` option in the field tag below).
                                                                                              type CommonTlsContext_CertificateProvider_TypedConfig struct {
                                                                                              	// TypedConfig carries the provider configuration as a v3.TypedExtensionConfig.
                                                                                              	// NOTE(review): presumably this names and configures a certificate-provider extension;
                                                                                              	// confirm which provider implementations are available before accepting this value
                                                                                              	// from a control plane.
                                                                                              	TypedConfig *v3.TypedExtensionConfig `protobuf:"bytes,2,opt,name=typed_config,json=typedConfig,proto3,oneof"`
                                                                                              }

                                                                                              type CommonTlsContext_CombinedCertificateValidationContext

                                                                                              // CommonTlsContext_CombinedCertificateValidationContext pairs a statically configured default
                                                                                              // validation context with one dynamically fetched source (SDS, a certificate provider, or a
                                                                                              // certificate provider instance).
                                                                                              type CommonTlsContext_CombinedCertificateValidationContext struct {
                                                                                              
                                                                                              	// How to validate peer certificates.
                                                                                              	// This is the static baseline. Per the merge rules documented on
                                                                                              	// CommonTlsContext_CombinedValidationContext, a dynamically delivered context can overwrite
                                                                                              	// singular fields set here, so the dynamic source must be trusted as much as this one.
                                                                                              	DefaultValidationContext *CertificateValidationContext `` /* 135-byte string literal not displayed */
                                                                                              	// Config for fetching validation context via SDS API. Note SDS API allows certificates to be
                                                                                              	// fetched/refreshed over the network asynchronously with respect to the TLS handshake.
                                                                                              	// Only one of validation_context_sds_secret_config, validation_context_certificate_provider,
                                                                                              	// or validation_context_certificate_provider_instance may be used.
                                                                                              	// NOTE(review): because the fetch is asynchronous, confirm how connections are treated
                                                                                              	// before the first validation context has been delivered.
                                                                                              	ValidationContextSdsSecretConfig *SdsSecretConfig `` /* 163-byte string literal not displayed */
                                                                                              	// Certificate provider for fetching validation context.
                                                                                              	// Only one of validation_context_sds_secret_config, validation_context_certificate_provider,
                                                                                              	// or validation_context_certificate_provider_instance may be used.
                                                                                              	// [#not-implemented-hide:]
                                                                                              	ValidationContextCertificateProvider *CommonTlsContext_CertificateProvider `` /* 173-byte string literal not displayed */
                                                                                              	// Certificate provider instance for fetching validation context.
                                                                                              	// Only one of validation_context_sds_secret_config, validation_context_certificate_provider,
                                                                                              	// or validation_context_certificate_provider_instance may be used.
                                                                                              	// [#not-implemented-hide:]
                                                                                              	ValidationContextCertificateProviderInstance *CommonTlsContext_CertificateProviderInstance `` /* 199-byte string literal not displayed */
                                                                                              	// contains filtered or unexported fields
                                                                                              }

                                                                                              func (*CommonTlsContext_CombinedCertificateValidationContext) Descriptor

                                                                                                Deprecated: Use CommonTlsContext_CombinedCertificateValidationContext.ProtoReflect.Descriptor instead.

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) GetDefaultValidationContext

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextCertificateProvider

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextCertificateProviderInstance

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextSdsSecretConfig

                                                                                                func (x *CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) ProtoMessage

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) ProtoReflect

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) Reset

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) String

                                                                                                func (*CommonTlsContext_CombinedCertificateValidationContext) Validate

                                                                                                  Validate checks the field values on CommonTlsContext_CombinedCertificateValidationContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                  type CommonTlsContext_CombinedCertificateValidationContextValidationError

                                                                                                  type CommonTlsContext_CombinedCertificateValidationContextValidationError struct {
                                                                                                  	// contains filtered or unexported fields
                                                                                                  }

                                                                                                    CommonTlsContext_CombinedCertificateValidationContextValidationError is the validation error returned by CommonTlsContext_CombinedCertificateValidationContext.Validate if the designated constraints aren't met.

                                                                                                    func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Cause

                                                                                                      Cause function returns cause value.

                                                                                                      func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Error

                                                                                                        Error satisfies the builtin error interface

                                                                                                        func (CommonTlsContext_CombinedCertificateValidationContextValidationError) ErrorName

                                                                                                          ErrorName returns error name.

                                                                                                          func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Field

                                                                                                            Field function returns field value.

                                                                                                            func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Key

                                                                                                              Key function returns key value.

                                                                                                              func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Reason

                                                                                                                Reason function returns reason value.

                                                                                                                type CommonTlsContext_CombinedValidationContext

                                                                                                                // CommonTlsContext_CombinedValidationContext is the wrapper type for the
                                                                                                                // combined_validation_context oneof case (see the `oneof` option in the field tag).
                                                                                                                type CommonTlsContext_CombinedValidationContext struct {
                                                                                                                	// Combined certificate validation context holds a default CertificateValidationContext
                                                                                                                	// and SDS config. When the SDS server returns a dynamic CertificateValidationContext, the
                                                                                                                	// dynamic and default contexts are merged into a new CertificateValidationContext that is
                                                                                                                	// used for validation. The merge is done by Message::MergeFrom(), so the dynamic context:
                                                                                                                	//   - overwrites singular fields of the default context,
                                                                                                                	//   - has its repeated fields concatenated to those of the default context, and
                                                                                                                	//   - is combined with the default context by logical OR on boolean fields.
                                                                                                                	//
                                                                                                                	// Security note: under these rules the effective policy is a blend of both sources.
                                                                                                                	// Entries in repeated fields of the default cannot be removed by the dynamic context, a
                                                                                                                	// boolean enabled in either source stays enabled, and singular fields take the dynamic
                                                                                                                	// value. When auditing which peers are accepted, review the default context and the
                                                                                                                	// SDS-delivered context together.
                                                                                                                	CombinedValidationContext *CommonTlsContext_CombinedCertificateValidationContext `protobuf:"bytes,8,opt,name=combined_validation_context,json=combinedValidationContext,proto3,oneof"`
                                                                                                                }

                                                                                                                type CommonTlsContext_ValidationContext

                                                                                                                // CommonTlsContext_ValidationContext is the wrapper type for the validation_context oneof
                                                                                                                // case: a validation context given inline rather than fetched dynamically.
                                                                                                                type CommonTlsContext_ValidationContext struct {
                                                                                                                	// How to validate peer certificates.
                                                                                                                	ValidationContext *CertificateValidationContext `protobuf:"bytes,3,opt,name=validation_context,json=validationContext,proto3,oneof"`
                                                                                                                }

                                                                                                                type CommonTlsContext_ValidationContextCertificateProvider

                                                                                                                // CommonTlsContext_ValidationContextCertificateProvider is the wrapper type for the
                                                                                                                // validation_context_certificate_provider oneof case.
                                                                                                                type CommonTlsContext_ValidationContextCertificateProvider struct {
                                                                                                                	// Certificate provider for fetching validation context.
                                                                                                                	// [#not-implemented-hide:]
                                                                                                                	// NOTE(review): the annotation above marks this field as not implemented; verify support
                                                                                                                	// in the deployed version before relying on it for peer validation.
                                                                                                                	ValidationContextCertificateProvider *CommonTlsContext_CertificateProvider `protobuf:"bytes,10,opt,name=validation_context_certificate_provider,json=validationContextCertificateProvider,proto3,oneof"`
                                                                                                                }

                                                                                                                type CommonTlsContext_ValidationContextCertificateProviderInstance

                                                                                                                // CommonTlsContext_ValidationContextCertificateProviderInstance wraps a certificate provider
                                                                                                                // instance used as the source of the validation context.
                                                                                                                // NOTE(review): the field tag is not displayed here; presumably this is a oneof case like
                                                                                                                // the sibling wrapper types.
                                                                                                                type CommonTlsContext_ValidationContextCertificateProviderInstance struct {
                                                                                                                	// Certificate provider instance for fetching validation context.
                                                                                                                	// [#not-implemented-hide:]
                                                                                                                	// NOTE(review): the annotation above marks this field as not implemented; verify support
                                                                                                                	// in the deployed version before relying on it for peer validation.
                                                                                                                	ValidationContextCertificateProviderInstance *CommonTlsContext_CertificateProviderInstance `` /* 140-byte string literal not displayed */
                                                                                                                }

                                                                                                                type CommonTlsContext_ValidationContextSdsSecretConfig

                                                                                                                // CommonTlsContext_ValidationContextSdsSecretConfig is the wrapper type for the
                                                                                                                // validation_context_sds_secret_config oneof case.
                                                                                                                type CommonTlsContext_ValidationContextSdsSecretConfig struct {
                                                                                                                	// Config for fetching validation context via SDS API. Note SDS API allows certificates to be
                                                                                                                	// fetched/refreshed over the network asynchronously with respect to the TLS handshake.
                                                                                                                	// NOTE(review): the validation context then comes entirely from the SDS source; confirm
                                                                                                                	// that the SDS endpoint is authenticated and trusted to define which peers are accepted.
                                                                                                                	ValidationContextSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,7,opt,name=validation_context_sds_secret_config,json=validationContextSdsSecretConfig,proto3,oneof"`
                                                                                                                }

                                                                                                                type DownstreamTlsContext

                                                                                                                // DownstreamTlsContext holds the TLS settings for connections on which Envoy decides whether to
                                                                                                                // accept a peer: client-certificate and SNI requirements, session resumption, and OCSP stapling.
                                                                                                                type DownstreamTlsContext struct {
                                                                                                                
                                                                                                                	// Common TLS context settings.
                                                                                                                	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext,proto3" json:"common_tls_context,omitempty"`
                                                                                                                	// If specified, Envoy will reject connections without a valid client
                                                                                                                	// certificate.
                                                                                                                	// The wrapper type lets an unset value (nil) be told apart from an explicit false.
                                                                                                                	// NOTE(review): client-certificate enforcement appears to be opt-in; where mutual TLS is
                                                                                                                	// expected, confirm this is set to true and that CommonTlsContext carries a validation
                                                                                                                	// context, so that "valid" is checked against the intended trust anchors.
                                                                                                                	RequireClientCertificate *wrappers.BoolValue `` /* 135-byte string literal not displayed */
                                                                                                                	// If specified, Envoy will reject connections without a valid and matching SNI.
                                                                                                                	// [#not-implemented-hide:]
                                                                                                                	// NOTE(review): the annotation above marks this field as not implemented; do not rely on
                                                                                                                	// it to enforce SNI without verifying the behaviour of the deployed version.
                                                                                                                	RequireSni *wrappers.BoolValue `protobuf:"bytes,3,opt,name=require_sni,json=requireSni,proto3" json:"require_sni,omitempty"`
                                                                                                                	// Types that are assignable to SessionTicketKeysType:
                                                                                                                	//	*DownstreamTlsContext_SessionTicketKeys
                                                                                                                	//	*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig
                                                                                                                	//	*DownstreamTlsContext_DisableStatelessSessionResumption
                                                                                                                	// NOTE(review): session ticket keys are secret key material whose exposure affects every
                                                                                                                	// session resumed under them; confirm how they are sourced, protected and rotated, or
                                                                                                                	// whether stateless resumption should be disabled instead.
                                                                                                                	SessionTicketKeysType isDownstreamTlsContext_SessionTicketKeysType `protobuf_oneof:"session_ticket_keys_type"`
                                                                                                                	// If specified, session_timeout changes the maximum lifetime of a TLS session.
                                                                                                                	// Currently this value is used as a hint for the TLS session ticket lifetime (for TLSv1.2),
                                                                                                                	// see <https://tools.ietf.org/html/rfc5077#section-5.6>.
                                                                                                                	// Only whole seconds can be specified; fractional seconds are ignored.
                                                                                                                	SessionTimeout *duration.Duration `protobuf:"bytes,6,opt,name=session_timeout,json=sessionTimeout,proto3" json:"session_timeout,omitempty"`
                                                                                                                	// Config for whether to use certificates if they do not have
                                                                                                                	// an accompanying OCSP response or if the response expires at runtime.
                                                                                                                	// Defaults to LENIENT_STAPLING; the other enum values are STRICT_STAPLING and MUST_STAPLE.
                                                                                                                	// NOTE(review): under the lenient default a certificate is presumably still served when
                                                                                                                	// its OCSP response is missing or expired; choose a stricter policy if revocation status
                                                                                                                	// must accompany the certificate.
                                                                                                                	OcspStaplePolicy DownstreamTlsContext_OcspStaplePolicy `` /* 197-byte string literal not displayed */
                                                                                                                	// contains filtered or unexported fields
                                                                                                                }

                                                                                                                  [#next-free-field: 9]

                                                                                                                  func (*DownstreamTlsContext) Descriptor

                                                                                                                  func (*DownstreamTlsContext) Descriptor() ([]byte, []int)

                                                                                                                    Deprecated: Use DownstreamTlsContext.ProtoReflect.Descriptor instead.

                                                                                                                    func (*DownstreamTlsContext) GetCommonTlsContext

                                                                                                                    func (x *DownstreamTlsContext) GetCommonTlsContext() *CommonTlsContext

                                                                                                                    func (*DownstreamTlsContext) GetDisableStatelessSessionResumption

                                                                                                                    func (x *DownstreamTlsContext) GetDisableStatelessSessionResumption() bool

                                                                                                                    func (*DownstreamTlsContext) GetOcspStaplePolicy

                                                                                                                    func (*DownstreamTlsContext) GetRequireClientCertificate

                                                                                                                    func (x *DownstreamTlsContext) GetRequireClientCertificate() *wrappers.BoolValue

                                                                                                                    func (*DownstreamTlsContext) GetRequireSni

                                                                                                                    func (x *DownstreamTlsContext) GetRequireSni() *wrappers.BoolValue

                                                                                                                    func (*DownstreamTlsContext) GetSessionTicketKeys

                                                                                                                    func (x *DownstreamTlsContext) GetSessionTicketKeys() *TlsSessionTicketKeys

                                                                                                                    func (*DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig

                                                                                                                    func (x *DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig() *SdsSecretConfig

                                                                                                                    func (*DownstreamTlsContext) GetSessionTicketKeysType

                                                                                                                    func (m *DownstreamTlsContext) GetSessionTicketKeysType() isDownstreamTlsContext_SessionTicketKeysType

                                                                                                                    func (*DownstreamTlsContext) GetSessionTimeout

                                                                                                                    func (x *DownstreamTlsContext) GetSessionTimeout() *duration.Duration

                                                                                                                    func (*DownstreamTlsContext) ProtoMessage

                                                                                                                    func (*DownstreamTlsContext) ProtoMessage()

                                                                                                                    func (*DownstreamTlsContext) ProtoReflect

                                                                                                                    func (x *DownstreamTlsContext) ProtoReflect() protoreflect.Message

                                                                                                                    func (*DownstreamTlsContext) Reset

                                                                                                                    func (x *DownstreamTlsContext) Reset()

                                                                                                                    func (*DownstreamTlsContext) String

                                                                                                                    func (x *DownstreamTlsContext) String() string

                                                                                                                    func (*DownstreamTlsContext) Validate

                                                                                                                    func (m *DownstreamTlsContext) Validate() error

                                                                                                                      Validate checks the field values on DownstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                      type DownstreamTlsContextValidationError

                                                                                                                      type DownstreamTlsContextValidationError struct {
                                                                                                                      	// contains filtered or unexported fields
                                                                                                                      }

                                                                                                                        DownstreamTlsContextValidationError is the validation error returned by DownstreamTlsContext.Validate if the designated constraints aren't met.

                                                                                                                        func (DownstreamTlsContextValidationError) Cause

                                                                                                                          Cause function returns cause value.

                                                                                                                          func (DownstreamTlsContextValidationError) Error

                                                                                                                            Error satisfies the builtin error interface

                                                                                                                            func (DownstreamTlsContextValidationError) ErrorName

                                                                                                                              ErrorName returns error name.

                                                                                                                              func (DownstreamTlsContextValidationError) Field

                                                                                                                                Field function returns field value.

                                                                                                                                func (DownstreamTlsContextValidationError) Key

                                                                                                                                  Key function returns key value.

                                                                                                                                  func (DownstreamTlsContextValidationError) Reason

                                                                                                                                    Reason function returns reason value.

                                                                                                                                    type DownstreamTlsContext_DisableStatelessSessionResumption

                                                                                                                                    // DownstreamTlsContext_DisableStatelessSessionResumption wraps the
                                                                                                                                    // disable_stateless_session_resumption flag; the "oneof" option in the field tag marks
                                                                                                                                    // it as one alternative of a protobuf oneof.
                                                                                                                                    type DownstreamTlsContext_DisableStatelessSessionResumption struct {
                                                                                                                                    	// Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
                                                                                                                                    	// server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
                                                                                                                                    	// If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
                                                                                                                                    	// the keys specified through either :ref:`session_ticket_keys <envoy_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
                                                                                                                                    	// or :ref:`session_ticket_keys_sds_secret_config <envoy_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
                                                                                                                                    	// If this config is set to false and no keys are explicitly configured, the TLS server will issue
                                                                                                                                    	// TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
                                                                                                                                    	// implication that sessions cannot be resumed across hot restarts or on different hosts.
                                                                                                                                    	//
                                                                                                                                    	// NOTE(review): whichever key is in use protects every ticket issued under it, so
                                                                                                                                    	// explicitly configured keys need protected storage and a rotation plan. How rotation
                                                                                                                                    	// is expressed is not visible on this page; confirm against the TlsSessionTicketKeys
                                                                                                                                    	// documentation.
                                                                                                                                    	DisableStatelessSessionResumption bool `protobuf:"varint,7,opt,name=disable_stateless_session_resumption,json=disableStatelessSessionResumption,proto3,oneof"`
                                                                                                                                    }

                                                                                                                                    type DownstreamTlsContext_OcspStaplePolicy

                                                                                                                                    // DownstreamTlsContext_OcspStaplePolicy selects how an absent or expired OCSP response
                                                                                                                                    // affects use of the associated certificate.
                                                                                                                                    type DownstreamTlsContext_OcspStaplePolicy int32
                                                                                                                                    const (
                                                                                                                                    	// OCSP responses are optional. If an OCSP response is absent
                                                                                                                                    	// or expired, the associated certificate will be used for
                                                                                                                                    	// connections without an OCSP staple.
                                                                                                                                    	//
                                                                                                                                    	// NOTE(review): this is the zero value (0), so it is presumably the policy in effect
                                                                                                                                    	// when the field is left unset; choose STRICT_STAPLING or MUST_STAPLE explicitly if an
                                                                                                                                    	// expired response must stop the certificate from being served. Confirm the default.
                                                                                                                                    	DownstreamTlsContext_LENIENT_STAPLING DownstreamTlsContext_OcspStaplePolicy = 0
                                                                                                                                    	// OCSP responses are optional. If an OCSP response is absent,
                                                                                                                                    	// the associated certificate will be used without an
                                                                                                                                    	// OCSP staple. If a response is provided but is expired,
                                                                                                                                    	// the associated certificate will not be used for
                                                                                                                                    	// subsequent connections. If no suitable certificate is found,
                                                                                                                                    	// the connection is rejected.
                                                                                                                                    	DownstreamTlsContext_STRICT_STAPLING DownstreamTlsContext_OcspStaplePolicy = 1
                                                                                                                                    	// OCSP responses are required. Configuration will fail if
                                                                                                                                    	// a certificate is provided without an OCSP response. If a
                                                                                                                                    	// response expires, the associated certificate will not be
                                                                                                                                    	// used for connections. If no suitable certificate is found, the
                                                                                                                                    	// connection is rejected.
                                                                                                                                    	DownstreamTlsContext_MUST_STAPLE DownstreamTlsContext_OcspStaplePolicy = 2
                                                                                                                                    )

                                                                                                                                    func (DownstreamTlsContext_OcspStaplePolicy) Descriptor

                                                                                                                                    func (DownstreamTlsContext_OcspStaplePolicy) Enum

                                                                                                                                    func (DownstreamTlsContext_OcspStaplePolicy) EnumDescriptor

                                                                                                                                    func (DownstreamTlsContext_OcspStaplePolicy) EnumDescriptor() ([]byte, []int)

                                                                                                                                      Deprecated: Use DownstreamTlsContext_OcspStaplePolicy.Descriptor instead.

                                                                                                                                      func (DownstreamTlsContext_OcspStaplePolicy) Number

                                                                                                                                      func (DownstreamTlsContext_OcspStaplePolicy) String

                                                                                                                                      func (DownstreamTlsContext_OcspStaplePolicy) Type

                                                                                                                                      type DownstreamTlsContext_SessionTicketKeys

                                                                                                                                      // DownstreamTlsContext_SessionTicketKeys wraps the session_ticket_keys field; the
                                                                                                                                      // "oneof" option in the field tag marks it as one alternative of a protobuf oneof.
                                                                                                                                      type DownstreamTlsContext_SessionTicketKeys struct {
                                                                                                                                      	// TLS session ticket key settings.
                                                                                                                                      	//
                                                                                                                                      	// NOTE(review): these settings travel inside the message itself. Whether they hold key
                                                                                                                                      	// material directly or a reference to it is not visible here (see TlsSessionTicketKeys);
                                                                                                                                      	// until confirmed, handle any configuration carrying this variant as sensitive.
                                                                                                                                      	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,4,opt,name=session_ticket_keys,json=sessionTicketKeys,proto3,oneof"`
                                                                                                                                      }

                                                                                                                                      type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig

                                                                                                                                      // DownstreamTlsContext_SessionTicketKeysSdsSecretConfig wraps the
                                                                                                                                      // session_ticket_keys_sds_secret_config field; the "oneof" option in the field tag marks
                                                                                                                                      // it as one alternative of a protobuf oneof.
                                                                                                                                      type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig struct {
                                                                                                                                      	// Config for fetching TLS session ticket keys via SDS API.
                                                                                                                                      	//
                                                                                                                                      	// NOTE(review): with this variant the keys are fetched rather than written into this
                                                                                                                                      	// message, so the SDS source presumably becomes the place where key access and
                                                                                                                                      	// rotation are controlled; confirm against the SdsSecretConfig documentation.
                                                                                                                                      	SessionTicketKeysSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,5,opt,name=session_ticket_keys_sds_secret_config,json=sessionTicketKeysSdsSecretConfig,proto3,oneof"`
                                                                                                                                      }

                                                                                                                                      type GenericSecret

                                                                                                                                      // GenericSecret carries a single secret, referenced through a DataSource, for use by filters.
                                                                                                                                      type GenericSecret struct {
                                                                                                                                      
                                                                                                                                      	// A secret of generic type that is made available to filters.
                                                                                                                                      	//
                                                                                                                                      	// NOTE(review): String() is listed among this type's methods, and whether its output
                                                                                                                                      	// redacts this field is not visible here; avoid logging or printing the message until
                                                                                                                                      	// that is confirmed.
                                                                                                                                      	Secret *v3.DataSource `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"`
                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                      }

                                                                                                                                      func (*GenericSecret) Descriptor

                                                                                                                                      func (*GenericSecret) Descriptor() ([]byte, []int)

                                                                                                                                        Deprecated: Use GenericSecret.ProtoReflect.Descriptor instead.

                                                                                                                                        func (*GenericSecret) GetSecret

                                                                                                                                        func (x *GenericSecret) GetSecret() *v3.DataSource

                                                                                                                                        func (*GenericSecret) ProtoMessage

                                                                                                                                        func (*GenericSecret) ProtoMessage()

                                                                                                                                        func (*GenericSecret) ProtoReflect

                                                                                                                                        func (x *GenericSecret) ProtoReflect() protoreflect.Message

                                                                                                                                        func (*GenericSecret) Reset

                                                                                                                                        func (x *GenericSecret) Reset()

                                                                                                                                        func (*GenericSecret) String

                                                                                                                                        func (x *GenericSecret) String() string

                                                                                                                                        func (*GenericSecret) Validate

                                                                                                                                        func (m *GenericSecret) Validate() error

                                                                                                                                          Validate checks the field values on GenericSecret with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                          type GenericSecretValidationError

                                                                                                                                          type GenericSecretValidationError struct {
                                                                                                                                          	// contains filtered or unexported fields
                                                                                                                                          }

                                                                                                                                            GenericSecretValidationError is the validation error returned by GenericSecret.Validate if the designated constraints aren't met.

                                                                                                                                            func (GenericSecretValidationError) Cause

                                                                                                                                              Cause function returns cause value.

                                                                                                                                              func (GenericSecretValidationError) Error

                                                                                                                                                Error satisfies the builtin error interface

                                                                                                                                                func (GenericSecretValidationError) ErrorName

                                                                                                                                                func (e GenericSecretValidationError) ErrorName() string

                                                                                                                                                  ErrorName returns error name.

                                                                                                                                                  func (GenericSecretValidationError) Field

                                                                                                                                                    Field function returns field value.

                                                                                                                                                    func (GenericSecretValidationError) Key

                                                                                                                                                      Key function returns key value.

                                                                                                                                                      func (GenericSecretValidationError) Reason

                                                                                                                                                        Reason function returns reason value.

                                                                                                                                                        type PrivateKeyProvider

                                                                                                                                                        // PrivateKeyProvider is the BoringSSL private key method configuration: it names a
                                                                                                                                                        // provider and carries that provider's configuration. Private key methods are used for
                                                                                                                                                        // external (potentially asynchronous) signing and decryption operations.
                                                                                                                                                        type PrivateKeyProvider struct {
                                                                                                                                                        
                                                                                                                                                        	// Private key method provider name. The name must match a
                                                                                                                                                        	// supported private key method provider type.
                                                                                                                                                        	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"`
                                                                                                                                                        	// Private key method provider specific configuration.
                                                                                                                                                        	//
                                                                                                                                                        	// Types that are assignable to ConfigType:
                                                                                                                                                        	//	*PrivateKeyProvider_TypedConfig
                                                                                                                                                        	//	*PrivateKeyProvider_HiddenEnvoyDeprecatedConfig
                                                                                                                                                        	//
                                                                                                                                                        	// The HiddenEnvoyDeprecatedConfig variant is marked "Deprecated: Do not use.", which
                                                                                                                                                        	// leaves TypedConfig as the variant for new configuration.
                                                                                                                                                        	// NOTE(review): the contents are provider-specific and may reference key handles or
                                                                                                                                                        	// credentials; this is not visible here, so confirm before logging the message.
                                                                                                                                                        	ConfigType isPrivateKeyProvider_ConfigType `protobuf_oneof:"config_type"`
                                                                                                                                                        	// contains filtered or unexported fields
                                                                                                                                                        }

                                                                                                                                                          BoringSSL private key method configuration. The private key methods are used for external (potentially asynchronous) signing and decryption operations. Some use cases for private key methods would be TPM support and TLS acceleration.

                                                                                                                                                          func (*PrivateKeyProvider) Descriptor

                                                                                                                                                          func (*PrivateKeyProvider) Descriptor() ([]byte, []int)

                                                                                                                                                            Deprecated: Use PrivateKeyProvider.ProtoReflect.Descriptor instead.

                                                                                                                                                            func (*PrivateKeyProvider) GetConfigType

                                                                                                                                                            func (m *PrivateKeyProvider) GetConfigType() isPrivateKeyProvider_ConfigType

                                                                                                                                                            func (*PrivateKeyProvider) GetHiddenEnvoyDeprecatedConfig

                                                                                                                                                            func (x *PrivateKeyProvider) GetHiddenEnvoyDeprecatedConfig() *_struct.Struct

                                                                                                                                                              Deprecated: Do not use.

                                                                                                                                                              func (*PrivateKeyProvider) GetProviderName

                                                                                                                                                              func (x *PrivateKeyProvider) GetProviderName() string

                                                                                                                                                              func (*PrivateKeyProvider) GetTypedConfig

                                                                                                                                                              func (x *PrivateKeyProvider) GetTypedConfig() *any.Any

                                                                                                                                                              func (*PrivateKeyProvider) ProtoMessage

                                                                                                                                                              func (*PrivateKeyProvider) ProtoMessage()

                                                                                                                                                              func (*PrivateKeyProvider) ProtoReflect

                                                                                                                                                              func (x *PrivateKeyProvider) ProtoReflect() protoreflect.Message

                                                                                                                                                              func (*PrivateKeyProvider) Reset

                                                                                                                                                              func (x *PrivateKeyProvider) Reset()

                                                                                                                                                              func (*PrivateKeyProvider) String

                                                                                                                                                              func (x *PrivateKeyProvider) String() string

                                                                                                                                                              func (*PrivateKeyProvider) Validate

                                                                                                                                                              func (m *PrivateKeyProvider) Validate() error

                                                                                                                                                                Validate checks the field values on PrivateKeyProvider with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                type PrivateKeyProviderValidationError

                                                                                                                                                                type PrivateKeyProviderValidationError struct {
                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                }

                                                                                                                                                                  PrivateKeyProviderValidationError is the validation error returned by PrivateKeyProvider.Validate if the designated constraints aren't met.

                                                                                                                                                                  func (PrivateKeyProviderValidationError) Cause

                                                                                                                                                                    Cause function returns cause value.

                                                                                                                                                                    func (PrivateKeyProviderValidationError) Error

                                                                                                                                                                      Error satisfies the builtin error interface

                                                                                                                                                                      func (PrivateKeyProviderValidationError) ErrorName

                                                                                                                                                                        ErrorName returns error name.

                                                                                                                                                                        func (PrivateKeyProviderValidationError) Field

                                                                                                                                                                          Field function returns field value.

                                                                                                                                                                          func (PrivateKeyProviderValidationError) Key

                                                                                                                                                                            Key function returns key value.

                                                                                                                                                                            func (PrivateKeyProviderValidationError) Reason

                                                                                                                                                                              Reason function returns reason value.

                                                                                                                                                                              type PrivateKeyProvider_HiddenEnvoyDeprecatedConfig

                                                                                                                                                                              // PrivateKeyProvider_HiddenEnvoyDeprecatedConfig is a oneof wrapper (note the "oneof" option in
                                                                                                                                                                              // the field tag) that carries the deprecated hidden_envoy_deprecated_config value (field
                                                                                                                                                                              // number 2) as an untyped Struct.
                                                                                                                                                                              // NOTE(review): presumably one arm of a oneof on PrivateKeyProvider, alongside
                                                                                                                                                                              // PrivateKeyProvider_TypedConfig; confirm against the PrivateKeyProvider type.
                                                                                                                                                                              type PrivateKeyProvider_HiddenEnvoyDeprecatedConfig struct {
                                                                                                                                                                              	// Deprecated: Do not use.
                                                                                                                                                                              	HiddenEnvoyDeprecatedConfig *_struct.Struct `protobuf:"bytes,2,opt,name=hidden_envoy_deprecated_config,json=hiddenEnvoyDeprecatedConfig,proto3,oneof"`
                                                                                                                                                                              }

                                                                                                                                                                              type PrivateKeyProvider_TypedConfig

                                                                                                                                                                              // PrivateKeyProvider_TypedConfig is a oneof wrapper (see the "oneof" option in the field tag)
                                                                                                                                                                              // that holds the typed_config value (field number 3) as an Any.
                                                                                                                                                                              // NOTE(review): the Any payload is opaque at this level; confirm that the consumer checks
                                                                                                                                                                              // its type URL and validates the unpacked message before acting on it.
                                                                                                                                                                              type PrivateKeyProvider_TypedConfig struct {
                                                                                                                                                                              	TypedConfig *any.Any `protobuf:"bytes,3,opt,name=typed_config,json=typedConfig,proto3,oneof"`
                                                                                                                                                                              }

                                                                                                                                                                              type SdsSecretConfig

                                                                                                                                                                              // SdsSecretConfig names a secret and, optionally, the SDS source it is fetched from.
                                                                                                                                                                              type SdsSecretConfig struct {
                                                                                                                                                                              
                                                                                                                                                                              	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
                                                                                                                                                                              	// When both name and config are specified, then secret can be fetched and/or reloaded via
                                                                                                                                                                              	// SDS. When only name is specified, then secret will be loaded from static resources.
                                                                                                                                                                              	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
                                                                                                                                                                              	// Resource locator for SDS. This is mutually exclusive with *name*.
                                                                                                                                                                              	// [#not-implemented-hide:]
                                                                                                                                                                              	SdsResourceLocator *v1.ResourceLocator `protobuf:"bytes,3,opt,name=sds_resource_locator,json=sdsResourceLocator,proto3" json:"sds_resource_locator,omitempty"`
                                                                                                                                                                              	// SDS configuration source. Per the Name comment above, the secret is fetched and/or
                                                                                                                                                                              	// reloaded via SDS only when this is set together with Name; with Name alone the secret
                                                                                                                                                                              	// is loaded from static resources.
                                                                                                                                                                              	// NOTE(review): this source presumably delivers Secret messages (certificates, session
                                                                                                                                                                              	// ticket keys); confirm it points at a trusted, authenticated endpoint.
                                                                                                                                                                              	SdsConfig          *v3.ConfigSource    `protobuf:"bytes,2,opt,name=sds_config,json=sdsConfig,proto3" json:"sds_config,omitempty"`
                                                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                                                              }

                                                                                                                                                                              func (*SdsSecretConfig) Descriptor

                                                                                                                                                                              func (*SdsSecretConfig) Descriptor() ([]byte, []int)

                                                                                                                                                                                Deprecated: Use SdsSecretConfig.ProtoReflect.Descriptor instead.

                                                                                                                                                                                func (*SdsSecretConfig) GetName

                                                                                                                                                                                func (x *SdsSecretConfig) GetName() string

                                                                                                                                                                                func (*SdsSecretConfig) GetSdsConfig

                                                                                                                                                                                func (x *SdsSecretConfig) GetSdsConfig() *v3.ConfigSource

                                                                                                                                                                                func (*SdsSecretConfig) GetSdsResourceLocator

                                                                                                                                                                                func (x *SdsSecretConfig) GetSdsResourceLocator() *v1.ResourceLocator

                                                                                                                                                                                func (*SdsSecretConfig) ProtoMessage

                                                                                                                                                                                func (*SdsSecretConfig) ProtoMessage()

                                                                                                                                                                                func (*SdsSecretConfig) ProtoReflect

                                                                                                                                                                                func (x *SdsSecretConfig) ProtoReflect() protoreflect.Message

                                                                                                                                                                                func (*SdsSecretConfig) Reset

                                                                                                                                                                                func (x *SdsSecretConfig) Reset()

                                                                                                                                                                                func (*SdsSecretConfig) String

                                                                                                                                                                                func (x *SdsSecretConfig) String() string

                                                                                                                                                                                func (*SdsSecretConfig) Validate

                                                                                                                                                                                func (m *SdsSecretConfig) Validate() error

                                                                                                                                                                                  Validate checks the field values on SdsSecretConfig with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                  type SdsSecretConfigValidationError

                                                                                                                                                                                  // SdsSecretConfigValidationError is the error type returned by SdsSecretConfig.Validate when
                                                                                                                                                                                  // a constraint is not met. Its details are read through the Field, Reason, Cause, Key and
                                                                                                                                                                                  // ErrorName accessors; the fields themselves are not exported.
                                                                                                                                                                                  type SdsSecretConfigValidationError struct {
                                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                                  }

                                                                                                                                                                                    SdsSecretConfigValidationError is the validation error returned by SdsSecretConfig.Validate if the designated constraints aren't met.

                                                                                                                                                                                    func (SdsSecretConfigValidationError) Cause

                                                                                                                                                                                      Cause function returns cause value.

                                                                                                                                                                                      func (SdsSecretConfigValidationError) Error

                                                                                                                                                                                        Error satisfies the builtin error interface

                                                                                                                                                                                        func (SdsSecretConfigValidationError) ErrorName

                                                                                                                                                                                        func (e SdsSecretConfigValidationError) ErrorName() string

                                                                                                                                                                                          ErrorName returns error name.

                                                                                                                                                                                          func (SdsSecretConfigValidationError) Field

                                                                                                                                                                                            Field function returns field value.

                                                                                                                                                                                            func (SdsSecretConfigValidationError) Key

                                                                                                                                                                                              Key function returns key value.

                                                                                                                                                                                              func (SdsSecretConfigValidationError) Reason

                                                                                                                                                                                                Reason function returns reason value.

                                                                                                                                                                                                type Secret

                                                                                                                                                                                                // Secret is a named secret whose payload is one of the Type variants listed on the Type field.
                                                                                                                                                                                                // NOTE(review): the TlsCertificate, SessionTicketKeys and GenericSecret variants presumably
                                                                                                                                                                                                // hold key material; confirm that the String() output of this message is not written to
                                                                                                                                                                                                // logs or error reports unredacted.
                                                                                                                                                                                                type Secret struct {
                                                                                                                                                                                                
                                                                                                                                                                                                	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
                                                                                                                                                                                                	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
                                                                                                                                                                                                	// Types that are assignable to Type:
                                                                                                                                                                                                	//	*Secret_TlsCertificate
                                                                                                                                                                                                	//	*Secret_SessionTicketKeys
                                                                                                                                                                                                	//	*Secret_ValidationContext
                                                                                                                                                                                                	//	*Secret_GenericSecret
                                                                                                                                                                                                	// Callers that need one specific variant can use the matching typed getter
                                                                                                                                                                                                	// (GetTlsCertificate, GetSessionTicketKeys, GetValidationContext, GetGenericSecret).
                                                                                                                                                                                                	Type isSecret_Type `protobuf_oneof:"type"`
                                                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                                                }

                                                                                                                                                                                                  [#next-free-field: 6]

                                                                                                                                                                                                  func (*Secret) Descriptor

                                                                                                                                                                                                  func (*Secret) Descriptor() ([]byte, []int)

                                                                                                                                                                                                    Deprecated: Use Secret.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                    func (*Secret) GetGenericSecret

                                                                                                                                                                                                    func (x *Secret) GetGenericSecret() *GenericSecret

                                                                                                                                                                                                    func (*Secret) GetName

                                                                                                                                                                                                    func (x *Secret) GetName() string

                                                                                                                                                                                                    func (*Secret) GetSessionTicketKeys

                                                                                                                                                                                                    func (x *Secret) GetSessionTicketKeys() *TlsSessionTicketKeys

                                                                                                                                                                                                    func (*Secret) GetTlsCertificate

                                                                                                                                                                                                    func (x *Secret) GetTlsCertificate() *TlsCertificate

                                                                                                                                                                                                    func (*Secret) GetType

                                                                                                                                                                                                    func (m *Secret) GetType() isSecret_Type

                                                                                                                                                                                                    func (*Secret) GetValidationContext

                                                                                                                                                                                                    func (x *Secret) GetValidationContext() *CertificateValidationContext

                                                                                                                                                                                                    func (*Secret) ProtoMessage

                                                                                                                                                                                                    func (*Secret) ProtoMessage()

                                                                                                                                                                                                    func (*Secret) ProtoReflect

                                                                                                                                                                                                    func (x *Secret) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                    func (*Secret) Reset

                                                                                                                                                                                                    func (x *Secret) Reset()

                                                                                                                                                                                                    func (*Secret) String

                                                                                                                                                                                                    func (x *Secret) String() string

                                                                                                                                                                                                    func (*Secret) Validate

                                                                                                                                                                                                    func (m *Secret) Validate() error

                                                                                                                                                                                                      Validate checks the field values on Secret with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                                      type SecretValidationError

                                                                                                                                                                                                      // SecretValidationError is the error type returned by Secret.Validate when a constraint is
                                                                                                                                                                                                      // not met. Details are exposed only through its methods: Field() and Reason() return
                                                                                                                                                                                                      // strings, Cause() returns an error, Key() returns a bool, and ErrorName() returns the
                                                                                                                                                                                                      // error's name.
                                                                                                                                                                                                      // NOTE(review): whether Error() or Reason() can echo field contents is not visible here;
                                                                                                                                                                                                      // confirm before logging validation errors for messages that carry secrets.
                                                                                                                                                                                                      type SecretValidationError struct {
                                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                                      }

                                                                                                                                                                                                        SecretValidationError is the validation error returned by Secret.Validate if the designated constraints aren't met.

                                                                                                                                                                                                        func (SecretValidationError) Cause

                                                                                                                                                                                                        func (e SecretValidationError) Cause() error

                                                                                                                                                                                                          Cause function returns cause value.

                                                                                                                                                                                                          func (SecretValidationError) Error

                                                                                                                                                                                                          func (e SecretValidationError) Error() string

                                                                                                                                                                                                            Error satisfies the builtin error interface

                                                                                                                                                                                                            func (SecretValidationError) ErrorName

                                                                                                                                                                                                            func (e SecretValidationError) ErrorName() string

                                                                                                                                                                                                              ErrorName returns error name.

                                                                                                                                                                                                              func (SecretValidationError) Field

                                                                                                                                                                                                              func (e SecretValidationError) Field() string

                                                                                                                                                                                                                Field function returns field value.

                                                                                                                                                                                                                func (SecretValidationError) Key

                                                                                                                                                                                                                func (e SecretValidationError) Key() bool

                                                                                                                                                                                                                  Key function returns key value.

                                                                                                                                                                                                                  func (SecretValidationError) Reason

                                                                                                                                                                                                                  func (e SecretValidationError) Reason() string

                                                                                                                                                                                                                    Reason function returns reason value.

                                                                                                                                                                                                                    type Secret_GenericSecret

                                                                                                                                                                                                                    // Secret_GenericSecret is the Secret.Type variant that carries a GenericSecret
                                                                                                                                                                                                                    // (field number 5, generic_secret).
                                                                                                                                                                                                                    type Secret_GenericSecret struct {
                                                                                                                                                                                                                    	GenericSecret *GenericSecret `protobuf:"bytes,5,opt,name=generic_secret,json=genericSecret,proto3,oneof"`
                                                                                                                                                                                                                    }

                                                                                                                                                                                                                    type Secret_SessionTicketKeys

                                                                                                                                                                                                                    // Secret_SessionTicketKeys is the Secret.Type variant that carries TlsSessionTicketKeys
                                                                                                                                                                                                                    // (field number 3, session_ticket_keys).
                                                                                                                                                                                                                    type Secret_SessionTicketKeys struct {
                                                                                                                                                                                                                    	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,3,opt,name=session_ticket_keys,json=sessionTicketKeys,proto3,oneof"`
                                                                                                                                                                                                                    }

                                                                                                                                                                                                                    type Secret_TlsCertificate

                                                                                                                                                                                                                    // Secret_TlsCertificate is the Secret.Type variant that carries a TlsCertificate
                                                                                                                                                                                                                    // (field number 2, tls_certificate).
                                                                                                                                                                                                                    type Secret_TlsCertificate struct {
                                                                                                                                                                                                                    	TlsCertificate *TlsCertificate `protobuf:"bytes,2,opt,name=tls_certificate,json=tlsCertificate,proto3,oneof"`
                                                                                                                                                                                                                    }

                                                                                                                                                                                                                    type Secret_ValidationContext

                                                                                                                                                                                                                    // Secret_ValidationContext is the wrapper type for the validation_context member
                                                                                                                                                                                                                    // (field 4) of a proto3 oneof. Judging by the name prefix the oneof belongs to the
                                                                                                                                                                                                                    // Secret message, which is declared outside this excerpt.
                                                                                                                                                                                                                    type Secret_ValidationContext struct {
                                                                                                                                                                                                                    	// ValidationContext holds the CertificateValidationContext payload for this
                                                                                                                                                                                                                    	// oneof case.
                                                                                                                                                                                                                    	// NOTE(review): the enum maps for CertificateValidationContext on this page
                                                                                                                                                                                                                    	// include ACCEPT_UNTRUSTED for trust chain verification, so a consumer should
                                                                                                                                                                                                                    	// check that setting rather than assume the peer chain is verified.
                                                                                                                                                                                                                    	ValidationContext *CertificateValidationContext `protobuf:"bytes,4,opt,name=validation_context,json=validationContext,proto3,oneof"`
                                                                                                                                                                                                                    }

                                                                                                                                                                                                                    type TlsCertificate

                                                                                                                                                                                                                    // TlsCertificate groups one TLS certificate chain with the material needed to
                                                                                                                                                                                                                    // use it: the private key or a private key provider, an optional password for
                                                                                                                                                                                                                    // the key, an optional OCSP staple and a list of signed certificate timestamps.
                                                                                                                                                                                                                    type TlsCertificate struct {
                                                                                                                                                                                                                    
                                                                                                                                                                                                                    	// The TLS certificate chain.
                                                                                                                                                                                                                    	CertificateChain *v3.DataSource `protobuf:"bytes,1,opt,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
                                                                                                                                                                                                                    	// The TLS private key.
                                                                                                                                                                                                                    	// NOTE(review): this is secret material. Whichever DataSource form supplies it,
                                                                                                                                                                                                                    	// keep the value out of logs and config dumps; a ``filename`` reference to a
                                                                                                                                                                                                                    	// file with restrictive permissions avoids embedding the key in the config
                                                                                                                                                                                                                    	// itself. Confirm against the deployment.
                                                                                                                                                                                                                    	PrivateKey *v3.DataSource `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
                                                                                                                                                                                                                    	// BoringSSL private key method provider. This is an alternative to the :ref:`private_key
                                                                                                                                                                                                                    	// <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. It can't be
                                                                                                                                                                                                                    	// marked as ``oneof`` for API compatibility reasons. Setting both the :ref:`private_key
                                                                                                                                                                                                                    	// <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
                                                                                                                                                                                                                    	// :ref:`private_key_provider
                                                                                                                                                                                                                    	// <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
                                                                                                                                                                                                                    	// error.
                                                                                                                                                                                                                    	PrivateKeyProvider *PrivateKeyProvider `protobuf:"bytes,6,opt,name=private_key_provider,json=privateKeyProvider,proto3" json:"private_key_provider,omitempty"`
                                                                                                                                                                                                                    	// The password to decrypt the TLS private key. If this field is not set, it is assumed that the
                                                                                                                                                                                                                    	// TLS private key is not password encrypted.
                                                                                                                                                                                                                    	// NOTE(review): the password is as sensitive as the key it unlocks; storing both
                                                                                                                                                                                                                    	// in the same place presumably gives little extra protection. Verify where each
                                                                                                                                                                                                                    	// is sourced from.
                                                                                                                                                                                                                    	Password *v3.DataSource `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
                                                                                                                                                                                                                    	// The OCSP response to be stapled with this certificate during the handshake.
                                                                                                                                                                                                                    	// The response must be DER-encoded and may only be provided via ``filename`` or
                                                                                                                                                                                                                    	// ``inline_bytes``. The response may pertain to only one certificate.
                                                                                                                                                                                                                    	OcspStaple *v3.DataSource `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"`
                                                                                                                                                                                                                    	// [#not-implemented-hide:]
                                                                                                                                                                                                                    	// NOTE(review): the annotation above marks this field as not implemented, so
                                                                                                                                                                                                                    	// presumably setting it has no effect. Verify before relying on it.
                                                                                                                                                                                                                    	SignedCertificateTimestamp []*v3.DataSource `` /* 141-byte string literal not displayed */
                                                                                                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                                                                                                    }

                                                                                                                                                                                                                      [#next-free-field: 7]

                                                                                                                                                                                                                      func (*TlsCertificate) Descriptor

                                                                                                                                                                                                                      func (*TlsCertificate) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                        Deprecated: Use TlsCertificate.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                        func (*TlsCertificate) GetCertificateChain

                                                                                                                                                                                                                        func (x *TlsCertificate) GetCertificateChain() *v3.DataSource

                                                                                                                                                                                                                        func (*TlsCertificate) GetOcspStaple

                                                                                                                                                                                                                        func (x *TlsCertificate) GetOcspStaple() *v3.DataSource

                                                                                                                                                                                                                        func (*TlsCertificate) GetPassword

                                                                                                                                                                                                                        func (x *TlsCertificate) GetPassword() *v3.DataSource

                                                                                                                                                                                                                        func (*TlsCertificate) GetPrivateKey

                                                                                                                                                                                                                        func (x *TlsCertificate) GetPrivateKey() *v3.DataSource

                                                                                                                                                                                                                        func (*TlsCertificate) GetPrivateKeyProvider

                                                                                                                                                                                                                        func (x *TlsCertificate) GetPrivateKeyProvider() *PrivateKeyProvider

                                                                                                                                                                                                                        func (*TlsCertificate) GetSignedCertificateTimestamp

                                                                                                                                                                                                                        func (x *TlsCertificate) GetSignedCertificateTimestamp() []*v3.DataSource

                                                                                                                                                                                                                        func (*TlsCertificate) ProtoMessage

                                                                                                                                                                                                                        func (*TlsCertificate) ProtoMessage()

                                                                                                                                                                                                                        func (*TlsCertificate) ProtoReflect

                                                                                                                                                                                                                        func (x *TlsCertificate) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                        func (*TlsCertificate) Reset

                                                                                                                                                                                                                        func (x *TlsCertificate) Reset()

                                                                                                                                                                                                                        func (*TlsCertificate) String

                                                                                                                                                                                                                        func (x *TlsCertificate) String() string

                                                                                                                                                                                                                        func (*TlsCertificate) Validate

                                                                                                                                                                                                                        func (m *TlsCertificate) Validate() error

                                                                                                                                                                                                                          Validate checks the field values on TlsCertificate with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                                                          type TlsCertificateValidationError

                                                                                                                                                                                                                          // TlsCertificateValidationError is the error type that this page documents as
                                                                                                                                                                                                                          // returned by TlsCertificate.Validate when the message's designated constraints
                                                                                                                                                                                                                          // are not met. Its fields are not shown in this listing; the page lists the
                                                                                                                                                                                                                          // methods Cause, Error, ErrorName, Field, Key and Reason for reading it.
                                                                                                                                                                                                                          type TlsCertificateValidationError struct {
                                                                                                                                                                                                                          	// contains filtered or unexported fields
                                                                                                                                                                                                                          }

                                                                                                                                                                                                                            TlsCertificateValidationError is the validation error returned by TlsCertificate.Validate if the designated constraints aren't met.

                                                                                                                                                                                                                            func (TlsCertificateValidationError) Cause

                                                                                                                                                                                                                              Cause function returns cause value.

                                                                                                                                                                                                                              func (TlsCertificateValidationError) Error

                                                                                                                                                                                                                                Error satisfies the builtin error interface

                                                                                                                                                                                                                                func (TlsCertificateValidationError) ErrorName

                                                                                                                                                                                                                                func (e TlsCertificateValidationError) ErrorName() string

                                                                                                                                                                                                                                  ErrorName returns error name.

                                                                                                                                                                                                                                  func (TlsCertificateValidationError) Field

                                                                                                                                                                                                                                    Field function returns field value.

                                                                                                                                                                                                                                    func (TlsCertificateValidationError) Key

                                                                                                                                                                                                                                      Key function returns key value.

                                                                                                                                                                                                                                      func (TlsCertificateValidationError) Reason

                                                                                                                                                                                                                                        Reason function returns reason value.

                                                                                                                                                                                                                                        type TlsParameters

                                                                                                                                                                                                                                        type TlsParameters struct {
                                                                                                                                                                                                                                        
                                                                                                                                                                                                                                        	// Minimum TLS protocol version. By default, it's “TLSv1_2“ for clients and “TLSv1_0“ for
                                                                                                                                                                                                                                        	// servers.
                                                                                                                                                                                                                                        	TlsMinimumProtocolVersion TlsParameters_TlsProtocol `` /* 214-byte string literal not displayed */
                                                                                                                                                                                                                                        	// Maximum TLS protocol version. By default, it's “TLSv1_2“ for clients and “TLSv1_3“ for
                                                                                                                                                                                                                                        	// servers.
                                                                                                                                                                                                                                        	TlsMaximumProtocolVersion TlsParameters_TlsProtocol `` /* 214-byte string literal not displayed */
                                                                                                                                                                                                                                        	// If specified, the TLS listener will only support the specified `cipher list
                                                                                                                                                                                                                                        	// <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
                                                                                                                                                                                                                                        	// when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
                                                                                                                                                                                                                                        	// specified, the default list will be used.
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// In non-FIPS builds, the default cipher list is:
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// .. code-block:: none
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	//   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
                                                                                                                                                                                                                                        	//   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
                                                                                                                                                                                                                                        	//   ECDHE-ECDSA-AES128-SHA
                                                                                                                                                                                                                                        	//   ECDHE-RSA-AES128-SHA
                                                                                                                                                                                                                                        	//   AES128-GCM-SHA256
                                                                                                                                                                                                                                        	//   AES128-SHA
                                                                                                                                                                                                                                        	//   ECDHE-ECDSA-AES256-GCM-SHA384
                                                                                                                                                                                                                                        	//   ECDHE-RSA-AES256-GCM-SHA384
                                                                                                                                                                                                                                        	//   ECDHE-ECDSA-AES256-SHA
                                                                                                                                                                                                                                        	//   ECDHE-RSA-AES256-SHA
                                                                                                                                                                                                                                        	//   AES256-GCM-SHA384
                                                                                                                                                                                                                                        	//   AES256-SHA
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// .. code-block:: none
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	//   ECDHE-ECDSA-AES128-GCM-SHA256
                                                                                                                                                                                                                                        	//   ECDHE-RSA-AES128-GCM-SHA256
                                                                                                                                                                                                                                        	//   ECDHE-ECDSA-AES128-SHA
                                                                                                                                                                                                                                        	//   ECDHE-RSA-AES128-SHA
                                                                                                                                                                                                                                        	//   AES128-GCM-SHA256
                                                                                                                                                                                                                                        	//   AES128-SHA
                                                                                                                                                                                                                                        	//   ECDHE-ECDSA-AES256-GCM-SHA384
                                                                                                                                                                                                                                        	//   ECDHE-RSA-AES256-GCM-SHA384
                                                                                                                                                                                                                                        	//   ECDHE-ECDSA-AES256-SHA
                                                                                                                                                                                                                                        	//   ECDHE-RSA-AES256-SHA
                                                                                                                                                                                                                                        	//   AES256-GCM-SHA384
                                                                                                                                                                                                                                        	//   AES256-SHA
                                                                                                                                                                                                                                        	CipherSuites []string `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"`
                                                                                                                                                                                                                                        	// If specified, the TLS connection will only support the specified ECDH
                                                                                                                                                                                                                                        	// curves. If not specified, the default curves will be used.
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// In non-FIPS builds, the default curves are:
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// .. code-block:: none
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	//   X25519
                                                                                                                                                                                                                                        	//   P-256
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	// .. code-block:: none
                                                                                                                                                                                                                                        	//
                                                                                                                                                                                                                                        	//   P-256
                                                                                                                                                                                                                                        	EcdhCurves []string `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"`
                                                                                                                                                                                                                                        	// contains filtered or unexported fields
                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                        func (*TlsParameters) Descriptor

                                                                                                                                                                                                                                        func (*TlsParameters) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                          Deprecated: Use TlsParameters.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                          func (*TlsParameters) GetCipherSuites

                                                                                                                                                                                                                                          func (x *TlsParameters) GetCipherSuites() []string

                                                                                                                                                                                                                                          func (*TlsParameters) GetEcdhCurves

                                                                                                                                                                                                                                          func (x *TlsParameters) GetEcdhCurves() []string

                                                                                                                                                                                                                                          func (*TlsParameters) GetTlsMaximumProtocolVersion

                                                                                                                                                                                                                                          func (x *TlsParameters) GetTlsMaximumProtocolVersion() TlsParameters_TlsProtocol

                                                                                                                                                                                                                                          func (*TlsParameters) GetTlsMinimumProtocolVersion

                                                                                                                                                                                                                                          func (x *TlsParameters) GetTlsMinimumProtocolVersion() TlsParameters_TlsProtocol

                                                                                                                                                                                                                                          func (*TlsParameters) ProtoMessage

                                                                                                                                                                                                                                          func (*TlsParameters) ProtoMessage()

                                                                                                                                                                                                                                          func (*TlsParameters) ProtoReflect

                                                                                                                                                                                                                                          func (x *TlsParameters) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                                          func (*TlsParameters) Reset

                                                                                                                                                                                                                                          func (x *TlsParameters) Reset()

                                                                                                                                                                                                                                          func (*TlsParameters) String

                                                                                                                                                                                                                                          func (x *TlsParameters) String() string

                                                                                                                                                                                                                                          func (*TlsParameters) Validate

                                                                                                                                                                                                                                          func (m *TlsParameters) Validate() error

                                                                                                                                                                                                                                            Validate checks the field values on TlsParameters with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                                                                            type TlsParametersValidationError

                                                                                                                                                                                                                                            // TlsParametersValidationError is the validation error returned by
                                                                                                                                                                                                                                            // TlsParameters.Validate when the designated constraints are not met.
                                                                                                                                                                                                                                            type TlsParametersValidationError struct {
                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                              TlsParametersValidationError is the validation error returned by TlsParameters.Validate if the designated constraints aren't met.

                                                                                                                                                                                                                                              func (TlsParametersValidationError) Cause

                                                                                                                                                                                                                                                Cause function returns cause value.

                                                                                                                                                                                                                                                func (TlsParametersValidationError) Error

                                                                                                                                                                                                                                                  Error satisfies the builtin error interface

                                                                                                                                                                                                                                                  func (TlsParametersValidationError) ErrorName

                                                                                                                                                                                                                                                  func (e TlsParametersValidationError) ErrorName() string

                                                                                                                                                                                                                                                    ErrorName returns error name.

                                                                                                                                                                                                                                                    func (TlsParametersValidationError) Field

                                                                                                                                                                                                                                                      Field function returns field value.

                                                                                                                                                                                                                                                      func (TlsParametersValidationError) Key

                                                                                                                                                                                                                                                        Key function returns key value.

                                                                                                                                                                                                                                                        func (TlsParametersValidationError) Reason

                                                                                                                                                                                                                                                          Reason function returns reason value.

                                                                                                                                                                                                                                                          type TlsParameters_TlsProtocol

                                                                                                                                                                                                                                                          // TlsParameters_TlsProtocol names a TLS protocol version. It is the type
                                                                                                                                                                                                                                                          // returned by TlsParameters.GetTlsMinimumProtocolVersion and
                                                                                                                                                                                                                                                          // TlsParameters.GetTlsMaximumProtocolVersion.
                                                                                                                                                                                                                                                          type TlsParameters_TlsProtocol int32
                                                                                                                                                                                                                                                          const (
                                                                                                                                                                                                                                                          	// Envoy will choose the optimal TLS version.
                                                                                                                                                                                                                                                          	// This constant is 0, the zero value of the type, so a version left unset
                                                                                                                                                                                                                                                          	// reads back as TLS_AUTO.
                                                                                                                                                                                                                                                          	// NOTE(review): the version range TLS_AUTO resolves to is decided by Envoy and
                                                                                                                                                                                                                                                          	// is not shown here; set an explicit minimum where policy requires a version floor.
                                                                                                                                                                                                                                                          	TlsParameters_TLS_AUTO TlsParameters_TlsProtocol = 0
                                                                                                                                                                                                                                                          	// TLS 1.0
                                                                                                                                                                                                                                                          	// Deprecated by RFC 8996; keep it out of the accepted range unless a legacy
                                                                                                                                                                                                                                                          	// peer cannot negotiate TLS 1.2 or later.
                                                                                                                                                                                                                                                          	TlsParameters_TLSv1_0 TlsParameters_TlsProtocol = 1
                                                                                                                                                                                                                                                          	// TLS 1.1
                                                                                                                                                                                                                                                          	// Deprecated by RFC 8996, same caveat as TLS 1.0.
                                                                                                                                                                                                                                                          	TlsParameters_TLSv1_1 TlsParameters_TlsProtocol = 2
                                                                                                                                                                                                                                                          	// TLS 1.2
                                                                                                                                                                                                                                                          	TlsParameters_TLSv1_2 TlsParameters_TlsProtocol = 3
                                                                                                                                                                                                                                                          	// TLS 1.3
                                                                                                                                                                                                                                                          	TlsParameters_TLSv1_3 TlsParameters_TlsProtocol = 4
                                                                                                                                                                                                                                                          )

                                                                                                                                                                                                                                                          func (TlsParameters_TlsProtocol) Descriptor

                                                                                                                                                                                                                                                          func (TlsParameters_TlsProtocol) Enum

                                                                                                                                                                                                                                                          func (TlsParameters_TlsProtocol) EnumDescriptor

                                                                                                                                                                                                                                                          func (TlsParameters_TlsProtocol) EnumDescriptor() ([]byte, []int)

                                                                                                                                                                                                                                                            Deprecated: Use TlsParameters_TlsProtocol.Descriptor instead.

                                                                                                                                                                                                                                                            func (TlsParameters_TlsProtocol) Number

                                                                                                                                                                                                                                                            func (TlsParameters_TlsProtocol) String

                                                                                                                                                                                                                                                            func (x TlsParameters_TlsProtocol) String() string

                                                                                                                                                                                                                                                            func (TlsParameters_TlsProtocol) Type

                                                                                                                                                                                                                                                            type TlsSessionTicketKeys

                                                                                                                                                                                                                                                            // TlsSessionTicketKeys carries the list of keys used to encrypt and decrypt
                                                                                                                                                                                                                                                            // TLS session tickets.
                                                                                                                                                                                                                                                            type TlsSessionTicketKeys struct {
                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                            	// Keys for encrypting and decrypting TLS session tickets. The
                                                                                                                                                                                                                                                            	// first key in the array contains the key to encrypt all new sessions created by this context.
                                                                                                                                                                                                                                                            	// All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
                                                                                                                                                                                                                                                            	// by, for example, putting the new key first, and the previous key second.
                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                            	// If :ref:`session_ticket_keys <envoy_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
                                                                                                                                                                                                                                                            	// is not specified, the TLS library will still support resuming sessions via tickets, but it will
                                                                                                                                                                                                                                                            	// use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
                                                                                                                                                                                                                                                            	// or on different hosts.
                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                            	// Each key must contain exactly 80 bytes of cryptographically-secure random data. For
                                                                                                                                                                                                                                                            	// example, the output of `openssl rand 80`.
                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                            	// .. attention::
                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                            	//   Using this feature has serious security considerations and risks. Improper handling of keys
                                                                                                                                                                                                                                                            	//   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
                                                                                                                                                                                                                                                            	//   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
                                                                                                                                                                                                                                                            	//   discussion. To minimize the risk, you must:
                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                            	//   * Keep the session ticket keys at least as secure as your TLS certificate private keys
                                                                                                                                                                                                                                                            	//   * Rotate session ticket keys at least daily, and preferably hourly
                                                                                                                                                                                                                                                            	//   * Always generate keys using a cryptographically-secure random data source
                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                            	// Because every key in the list remains a candidate for decryption, a key that has
                                                                                                                                                                                                                                                            	// been rotated out of first position still accepts old tickets until it is removed
                                                                                                                                                                                                                                                            	// from the list. Rotation therefore only narrows exposure once retired keys are
                                                                                                                                                                                                                                                            	// dropped, and the same ordered list has to reach every host that should resume
                                                                                                                                                                                                                                                            	// each other's sessions.
                                                                                                                                                                                                                                                            	// NOTE(review): each key is a v3.DataSource; how its bytes are loaded is defined
                                                                                                                                                                                                                                                            	// by that type and is not shown here. Confirm that the chosen source keeps the key
                                                                                                                                                                                                                                                            	// material out of version-controlled configuration and out of logs.
                                                                                                                                                                                                                                                            	Keys []*v3.DataSource `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                            func (*TlsSessionTicketKeys) Descriptor

                                                                                                                                                                                                                                                            func (*TlsSessionTicketKeys) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                                              Deprecated: Use TlsSessionTicketKeys.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                                              func (*TlsSessionTicketKeys) GetKeys

                                                                                                                                                                                                                                                              func (x *TlsSessionTicketKeys) GetKeys() []*v3.DataSource

                                                                                                                                                                                                                                                              func (*TlsSessionTicketKeys) ProtoMessage

                                                                                                                                                                                                                                                              func (*TlsSessionTicketKeys) ProtoMessage()

                                                                                                                                                                                                                                                              func (*TlsSessionTicketKeys) ProtoReflect

                                                                                                                                                                                                                                                              func (x *TlsSessionTicketKeys) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                                                              func (*TlsSessionTicketKeys) Reset

                                                                                                                                                                                                                                                              func (x *TlsSessionTicketKeys) Reset()

                                                                                                                                                                                                                                                              func (*TlsSessionTicketKeys) String

                                                                                                                                                                                                                                                              func (x *TlsSessionTicketKeys) String() string

                                                                                                                                                                                                                                                              func (*TlsSessionTicketKeys) Validate

                                                                                                                                                                                                                                                              func (m *TlsSessionTicketKeys) Validate() error

                                                                                                                                                                                                                                                                Validate checks the field values on TlsSessionTicketKeys with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                                                                                                type TlsSessionTicketKeysValidationError

                                                                                                                                                                                                                                                                // TlsSessionTicketKeysValidationError is the error type returned by
                                                                                                                                                                                                                                                                // TlsSessionTicketKeys.Validate when a constraint from the proto definition is
                                                                                                                                                                                                                                                                // not met. Its fields are unexported; this page lists the accessor methods
                                                                                                                                                                                                                                                                // Cause, Error, ErrorName, Field, Key and Reason for reading the details.
                                                                                                                                                                                                                                                                type TlsSessionTicketKeysValidationError struct {
                                                                                                                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                  TlsSessionTicketKeysValidationError is the validation error returned by TlsSessionTicketKeys.Validate if the designated constraints aren't met.

                                                                                                                                                                                                                                                                  func (TlsSessionTicketKeysValidationError) Cause

                                                                                                                                                                                                                                                                    Cause function returns cause value.

                                                                                                                                                                                                                                                                    func (TlsSessionTicketKeysValidationError) Error

                                                                                                                                                                                                                                                                      Error satisfies the builtin error interface

                                                                                                                                                                                                                                                                      func (TlsSessionTicketKeysValidationError) ErrorName

                                                                                                                                                                                                                                                                        ErrorName returns error name.

                                                                                                                                                                                                                                                                        func (TlsSessionTicketKeysValidationError) Field

                                                                                                                                                                                                                                                                          Field function returns field value.

                                                                                                                                                                                                                                                                          func (TlsSessionTicketKeysValidationError) Key

                                                                                                                                                                                                                                                                            Key function returns key value.

                                                                                                                                                                                                                                                                            func (TlsSessionTicketKeysValidationError) Reason

                                                                                                                                                                                                                                                                              Reason function returns reason value.

                                                                                                                                                                                                                                                                              type UpstreamTlsContext

                                                                                                                                                                                                                                                                              // UpstreamTlsContext carries the TLS settings used when creating TLS backend
                                                                                                                                                                                                                                                                              // connections: the shared TLS context, the SNI value, the renegotiation switch
                                                                                                                                                                                                                                                                              // and the size of the session-resumption key store.
                                                                                                                                                                                                                                                                              type UpstreamTlsContext struct {
                                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                                              	// Common TLS context settings.
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	// .. attention::
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	//   Server certificate verification is not enabled by default. Configure
                                                                                                                                                                                                                                                                              	//   :ref:`trusted_ca<envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
                                                                                                                                                                                                                                                                              	//   verification.
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	// NOTE(review): until trusted_ca is configured the backend's certificate is not
                                                                                                                                                                                                                                                                              	// verified, so the connection is encrypted but the peer is not authenticated.
                                                                                                                                                                                                                                                                              	// trusted_ca covers the trust chain; checking that the certificate names the
                                                                                                                                                                                                                                                                              	// intended backend is presumably a separate setting (match_subject_alt_names on
                                                                                                                                                                                                                                                                              	// CertificateValidationContext) -- confirm for the Envoy version in use.
                                                                                                                                                                                                                                                                              	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext,proto3" json:"common_tls_context,omitempty"`
                                                                                                                                                                                                                                                                              	// SNI string to use when creating TLS backend connections.
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	// NOTE(review): as documented here this only sets the server name sent in the
                                                                                                                                                                                                                                                                              	// handshake; nothing on this field says the presented certificate is checked
                                                                                                                                                                                                                                                                              	// against it -- verify that the validation context enforces the expected name.
                                                                                                                                                                                                                                                                              	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
                                                                                                                                                                                                                                                                              	// If true, server-initiated TLS renegotiation will be allowed.
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	// .. attention::
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	//   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	// The zero value (false) leaves renegotiation disallowed.
                                                                                                                                                                                                                                                                              	AllowRenegotiation bool `protobuf:"varint,3,opt,name=allow_renegotiation,json=allowRenegotiation,proto3" json:"allow_renegotiation,omitempty"`
                                                                                                                                                                                                                                                                              	// Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
                                                                                                                                                                                                                                                                              	// for TLSv1.2 and older) to store for the purpose of session resumption.
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	// Defaults to 1, setting this to 0 disables session resumption.
                                                                                                                                                                                                                                                                              	//
                                                                                                                                                                                                                                                                              	// The field is a pointer to a wrapper message, so a nil value (unset) is distinct
                                                                                                                                                                                                                                                                              	// from an explicit 0; presumably nil is what selects the default of 1 -- confirm.
                                                                                                                                                                                                                                                                              	MaxSessionKeys *wrappers.UInt32Value `protobuf:"bytes,4,opt,name=max_session_keys,json=maxSessionKeys,proto3" json:"max_session_keys,omitempty"`
                                                                                                                                                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                              func (*UpstreamTlsContext) Descriptor

                                                                                                                                                                                                                                                                              func (*UpstreamTlsContext) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                                                                Deprecated: Use UpstreamTlsContext.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) GetAllowRenegotiation

                                                                                                                                                                                                                                                                                func (x *UpstreamTlsContext) GetAllowRenegotiation() bool

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) GetCommonTlsContext

                                                                                                                                                                                                                                                                                func (x *UpstreamTlsContext) GetCommonTlsContext() *CommonTlsContext

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) GetMaxSessionKeys

                                                                                                                                                                                                                                                                                func (x *UpstreamTlsContext) GetMaxSessionKeys() *wrappers.UInt32Value

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) GetSni

                                                                                                                                                                                                                                                                                func (x *UpstreamTlsContext) GetSni() string

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) ProtoMessage

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) ProtoMessage()

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) ProtoReflect

                                                                                                                                                                                                                                                                                func (x *UpstreamTlsContext) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) Reset

                                                                                                                                                                                                                                                                                func (x *UpstreamTlsContext) Reset()

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) String

                                                                                                                                                                                                                                                                                func (x *UpstreamTlsContext) String() string

                                                                                                                                                                                                                                                                                func (*UpstreamTlsContext) Validate

                                                                                                                                                                                                                                                                                func (m *UpstreamTlsContext) Validate() error

                                                                                                                                                                                                                                                                                  Validate checks the field values on UpstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                                                                                                                  type UpstreamTlsContextValidationError

                                                                                                                                                                                                                                                                                  // UpstreamTlsContextValidationError is the error type returned by
                                                                                                                                                                                                                                                                                  // UpstreamTlsContext.Validate when a constraint from the proto definition is
                                                                                                                                                                                                                                                                                  // not met. Its fields are unexported; this page lists the accessor methods
                                                                                                                                                                                                                                                                                  // Cause, Error, ErrorName, Field, Key and Reason for reading the details.
                                                                                                                                                                                                                                                                                  type UpstreamTlsContextValidationError struct {
                                                                                                                                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                    UpstreamTlsContextValidationError is the validation error returned by UpstreamTlsContext.Validate if the designated constraints aren't met.

                                                                                                                                                                                                                                                                                    func (UpstreamTlsContextValidationError) Cause

                                                                                                                                                                                                                                                                                      Cause function returns cause value.

                                                                                                                                                                                                                                                                                      func (UpstreamTlsContextValidationError) Error

                                                                                                                                                                                                                                                                                        Error satisfies the builtin error interface

                                                                                                                                                                                                                                                                                        func (UpstreamTlsContextValidationError) ErrorName

                                                                                                                                                                                                                                                                                          ErrorName returns error name.

                                                                                                                                                                                                                                                                                          func (UpstreamTlsContextValidationError) Field

                                                                                                                                                                                                                                                                                            Field function returns field value.

                                                                                                                                                                                                                                                                                            func (UpstreamTlsContextValidationError) Key

                                                                                                                                                                                                                                                                                              Key function returns key value.

                                                                                                                                                                                                                                                                                              func (UpstreamTlsContextValidationError) Reason

                                                                                                                                                                                                                                                                                                Reason function returns reason value.