Common SSL matching inputs (proto)
extensions.matching.common_inputs.ssl.v3.UriSanInput
[extensions.matching.common_inputs.ssl.v3.UriSanInput proto]
List of comma-delimited URIs in the SAN field of the peer certificate for a downstream.
This extension has the qualified name envoy.matching.inputs.uri_san
Note
This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension categories:
This extension must be configured with one of the following type URLs:
extensions.matching.common_inputs.ssl.v3.DnsSanInput
[extensions.matching.common_inputs.ssl.v3.DnsSanInput proto]
List of comma-delimited DNS entries in the SAN field of the peer certificate for a downstream.
This extension has the qualified name envoy.matching.inputs.dns_san
Note
This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension categories:
This extension must be configured with one of the following type URLs:
extensions.matching.common_inputs.ssl.v3.SubjectInput
[extensions.matching.common_inputs.ssl.v3.SubjectInput proto]
Input that matches the subject field of the peer certificate in RFC 2253 format for a downstream.
This extension has the qualified name envoy.matching.inputs.subject
Note
This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension categories:
This extension must be configured with one of the following type URLs: