Common SSL Matching Inputs (proto)

extensions.matching.common_inputs.ssl.v3.UriSanInput

[extensions.matching.common_inputs.ssl.v3.UriSanInput proto]

List of comma-delimited URIs in the SAN field of the peer certificate for a downstream.

This extension has the qualified name envoy.matching.inputs.uri_san

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

Tip

This extension extends and can be used with the following extension categories:

This extension must be configured with one of the following type URLs:

extensions.matching.common_inputs.ssl.v3.DnsSanInput

[extensions.matching.common_inputs.ssl.v3.DnsSanInput proto]

List of comma-delimited DNS entries in the SAN field of the peer certificate for a downstream.

This extension has the qualified name envoy.matching.inputs.dns_san

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

Tip

This extension extends and can be used with the following extension categories:

This extension must be configured with one of the following type URLs:

extensions.matching.common_inputs.ssl.v3.SubjectInput

[extensions.matching.common_inputs.ssl.v3.SubjectInput proto]

Input that matches the subject field of the peer certificate in RFC 2253 format for a downstream.

This extension has the qualified name envoy.matching.inputs.subject

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

Tip

This extension extends and can be used with the following extension categories:

This extension must be configured with one of the following type URLs: