3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-19 17:50:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

envoy: configure upstream IP SAN match as needed

Browse source 
When building an upstream validation context for a particular URL, check
whether the hostname is an IP address. If so, configure the SAN match to
use type IP_ADDRESS rather than DNS.
This commit is contained in:
Kenneth Jenkins 2023-07-20 14:40:15 -07:00
parent 26bbcdfe07
commit 015d1e1fb1
2 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
config/envoyconfig/tls_test.go
View file

@ -21,6 +21,18 @@ func TestBuildSubjectAltNameMatcher(t *testing.T) {
"exact": "example.com"
}
}`, b.buildSubjectAltNameMatcher(&url.URL{Host: "example.com:1234"}, ""))
testutil.AssertProtoJSONEqual(t, `{
"sanType": "IP_ADDRESS",
"matcher": {
"exact": "10.0.0.1"
}
}`, b.buildSubjectAltNameMatcher(&url.URL{Host: "10.0.0.1:1234"}, ""))
testutil.AssertProtoJSONEqual(t, `{
"sanType": "IP_ADDRESS",
"matcher": {
"exact": "fd12:3456:789a:1::1"
}
}`, b.buildSubjectAltNameMatcher(&url.URL{Host: "[fd12:3456:789a:1::1]:1234"}, ""))
testutil.AssertProtoJSONEqual(t, `{
"sanType": "DNS",
"matcher": {