Dynamic Module Certificate Validator (proto)
This extension has the qualified name envoy.tls.cert_validator.dynamic_modules
Note
This extension is functional but has not had substantial production burn time, use only with this caveat.
This extension is not hardened and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension category:
extensions.transport_sockets.tls.cert_validator.dynamic_modules.v3.DynamicModuleCertValidatorConfig
Configuration for the dynamic module certificate validator.
Example:
custom_validator_config:
name: envoy.tls.cert_validator.dynamic_modules
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.cert_validator.dynamic_modules.v3.DynamicModuleCertValidatorConfig
dynamic_module_config:
name: my_module
validator_name: my_validator
{
"dynamic_module_config": {...},
"validator_name": ...,
"validator_config": {...}
}
- dynamic_module_config
(extensions.dynamic_modules.v3.DynamicModuleConfig, REQUIRED) Dynamic module configuration. See dynamic module configuration for details.
- validator_name
(string, REQUIRED) The name of the cert validator implementation in the dynamic module. This is passed to the module’s
envoy_dynamic_module_on_cert_validator_config_newfunction.
- validator_config
(Any) Optional configuration for the cert validator. This is passed as bytes to the dynamic module.