mirror of https://github.com/hashicorp/consul
a09c776645
Envoy's SPIFFE certificate validation extension allows for us to validate against different root certificates depending on the trust domain of the dialing proxy. If there are any trust bundles from peers in the config snapshot then we use the SPIFFE validator as the validation context, rather than the usual TrustedCA. The injected validation config includes the local root certificates as well. |
||
---|---|---|
.. | ||
testing.go |