tls: separate out cert validation logic from ContextImpl#14757
tls: separate out cert validation logic from ContextImpl#14757ggreenway merged 3 commits intoenvoyproxy:mainfrom
Conversation
mathetake
changed the title
Signed-off-by: mathetake <takeshi@tetrate.io>
mathetake
force-pushed
the
refactor-cert-validation
branch
from
38907b4 to
7004480
Compare
mathetake
requested review from
PiotrSikora,
alyssawilk,
asraa,
ggreenway,
lizan and
mattklein123
as code owners
|
Overall this looks good, the coverage is missing from some error config part: were them covered before? |
|
looks like they haven't been covered before as well :https://storage.googleapis.com/envoy-pr/e1ca2ab/coverage/source/extensions/transport_sockets/tls/context_impl.cc.gcov.html but some of them are formatted into multiple lines in this PR plus the file size becomes smaller so I think that is why the coverage goes down in terms of the number of lines covered 😕 |
Signed-off-by: mathetake <takeshi@tetrate.io>
|
/retest |
|
Retrying Azure Pipelines: |
|
@lizan added the coverage exception. PTAL |
|
@ggreenway for non-tetrands review |
port of tls: separate out cert validation logic from ContextImpl (envoyproxy#14757)
3 participants
The first step towards #14614. Ref #14614 (comment)
Note that the change is almost moving codes from
context_impltocert_validator/**with a bit of necessary tweaks.Commit Message: tls: separate out cert validation logic from ContextImpl
Additional Description: In order to create the extension point for certificate validation, separated out the cert validation logics from Tls::ContextImpl, and move them to Tls::DefaultCertValidator which implements Tls::CertValidator interface. Ref: #14614 and #9284
Risk Level: low (almost code moves)
Testing: unittest
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]
cc @lizan