58 Commits (17328618488f66e606980a9285a75505ba41d986)

Author SHA1 Message Date
Daniel Nephin 3f873d2257 rpc: include error for AuthorizeServerConn failures 3 years ago
Daniel Nephin 1502547e38 Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc" 3 years ago
Hans Hasselberg 13238dbab6
tls: consider presented intermediates during server connection tls handshake. (#10964) 3 years ago
Evan Culver 79c7e73618
rpc: authorize raft requests (#10925) 3 years ago
Daniel Nephin 7d73fd7ae5 rename GRPC->XDS where appropriate 3 years ago
Daniel Nephin dce59d9277 fix 64-bit aligment for 32-bit platforms 3 years ago
Daniel Nephin dc67042eac Invert the logic of outgoingRPCTLSDisabled 3 years ago
Daniel Nephin 39f282c425 tlsutil: inline verifyIncomingHTTPS 3 years ago
Daniel Nephin a25c817478 tlsutil: remove indirection and duplication 3 years ago
Daniel Nephin 13e5448c17 tlsutil: remove unnecessary getter functions 3 years ago
Daniel Nephin 66ba2e2463 tlsutil: unexport and remove indirection 3 years ago
Daniel Nephin 486b97e2c9 tlsutil: fix default server name for health checks 3 years ago
Daniel Nephin 2aad3f80fb tlsutil: reduce interface provided to auto-config 3 years ago
Daniel Nephin 1ba5acb284 tlsutil: un-ptr and document the manual struct 3 years ago
Daniel Nephin 6289b68247 tlsutil: document Configurator and some of its fields 3 years ago
Daniel Nephin a4432bb0b4 tlsutil: un-ptr and add godoc to autoTLs struct 3 years ago
Daniel Nephin 08cd772626 tlsutil: remove unused method 3 years ago
Daniel Nephin 8d9d6c6a09 tlsutil: unexport two types 3 years ago
Daniel Nephin bca33d818f tlsutil: remove the RLock from log 3 years ago
Daniel Nephin bcf23cd1b4 tlsutil: Un-method Configurator.check 3 years ago
Daniel Nephin b3fa778d91 tlsutil: fix a panic 3 years ago
Daniel Nephin 6f51984313 tlsutil: un-embed the RWMutex 3 years ago
Christopher Broglie f0307c73e5 Add support for configuring TLS ServerName for health checks 4 years ago
Mike Morris 7af643ac37
ci: update to Go 1.15.4 and alpine:3.12 (#9036) 4 years ago
Daniel Nephin e9479175a4 tlsutil: remove unused UseTLS field 4 years ago
Tim Arenz a1fe711390
Add support for -ca-path option in the connect envoy command (#8606) 4 years ago
Matt Keeler dbb461a5d3
Allow setting verify_incoming* when using auto_encrypt or auto_config (#8394) 4 years ago
Matt Keeler 6e7acfa618
Add an AutoEncrypt “integration” test 4 years ago
Matt Keeler 9b01f9423c
Implement the insecure version of the Cluster.AutoConfig RPC endpoint 4 years ago
Hans Hasselberg 51549bd232
rpc: oss changes for network area connection pooling (#7735) 5 years ago
Hans Hasselberg 7777891aa6
tls: remove old ciphers (#7282) 5 years ago
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884) 5 years ago
Hans Hasselberg e05ac57e8f
tls: support tls 1.3 (#7325) 5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130) 5 years ago
Hans Hasselberg 11a571de95
agent: setup grpc server with auto_encrypt certs and add -https-port (#7086) 5 years ago
Hans Hasselberg 9ff69194a2
tls: auto_encrypt and verify_incoming (#6811) (#6899) 5 years ago
Hans Hasselberg a3f49109e6 tls: return auto_encrypt cert for listeners (#6489) 5 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 5 years ago
Hans Hasselberg 7e11dd82aa
agent: enable reloading of tls config (#5419) 6 years ago
R.B. Boyer f4a3b9d518
fix typos reported by golangci-lint:misspell (#5434) 6 years ago
Hans Hasselberg eb0895c5fb
tlsutil: don't use `server_name` config for RPC connections (#5394) 6 years ago
Hans Hasselberg 80e7d63fc2
Centralise tls configuration part 2 (#5374) 6 years ago
Hans Hasselberg 786b3b1095
Centralise tls configuration part 1 (#5366) 6 years ago
Hans Hasselberg 787f3f8aa6 agent: honor when ca is set but verify_outgoing is disabled (#4826) 6 years ago
Jack Pearkes b64e8b262f
Documentation and changes for `verify_server_hostname` (#5069) 6 years ago
Devin Canterberry a61abcd931
🐛 Formatting changes only; add missing trailing commas 7 years ago
Devin Canterberry c901307a47
🔒 Update supported TLS cipher suites 7 years ago
James Phillips 8324c1b9a6
Removes stale TLS config clone() in favor of new supported method. 7 years ago
Kyle Havlovitz 5bab68b9bb Add a path for transitioning to TLS on an existing cluster (#3001) 8 years ago
Kyle Havlovitz b70e419aeb Add TLS cipher suite options and CA path support (#2963) 8 years ago