@@ -23,6 +23,24 @@ Generic placeholders are defined as follows:
2323
2424```
2525tls_server_config:
26+ # Certificate for server to use to authenticate to client.
27+ # Expected to be passed as a PEM encoded sequence of bytes as a string.
28+ #
29+ # NOTE: When passing the cert inline, cert_file should not be specified below.
30+ cert: <string>
31+
32+ # Key for server to use to authenticate to client.
33+ # Expected to be passed as a PEM encoded sequence of bytes as a string.
34+ #
35+ # NOTE: When passing the key inline, key_file should not be specified below.
36+ key: <secret>
37+
38+ # CA certificate for client certificate authentication to the server.
39+ # Expected to be passed as a PEM encoded sequence of bytes as a string.
40+ #
41+ # NOTE: When passing the client_ca inline, client_ca_file should not be specified below.
42+ [ client_ca: <string> ]
43+
2644 # Certificate and key files for server to use to authenticate to client.
2745 cert_file: <filename>
2846 key_file: <filename>
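Review bot: The added `cert: <string>` and `key: <secret>` entries carry no `[ ]` optional brackets, and neither do `cert_file` / `key_file` just below, so the schema reads as if all four are required even though the NOTE lines say the inline and file forms should not be combined. If it matches what the loader enforces, state the rule once, e.g. `# Exactly one of cert or cert_file, and one of key or key_file, must be set.`, and say what happens when both are given; the hunk does not show whether that is rejected or one silently takes precedence. Because `key` places the private key in the configuration file itself, a line such as `# The config file then contains the private key; restrict read access to it as you would for key_file.` would help operators. The `tls_server_config` block continues past this hunk.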
@@ -37,14 +55,14 @@ tls_server_config:
3755
3856 # CA certificate for client certificate authentication to the server.
3957 [ client_ca_file: <filename> ]
40-
41- # Verify that the client certificate has a Subject Alternate Name (SAN)
42- # which is an exact match to an entry in this list, else terminate the
43- # connection. SAN match can be one or multiple of the following: DNS,
58+
59+ # Verify that the client certificate has a Subject Alternate Name (SAN)
60+ # which is an exact match to an entry in this list, else terminate the
61+ # connection. SAN match can be one or multiple of the following: DNS,
4462 # IP, e-mail, or URI address from https://pkg.go.dev/crypto/x509#Certificate.
4563 [ client_allowed_sans:
4664 [ - <string> ] ]
47-
65+
4866 # Minimum TLS version that is acceptable.
4967 [ min_version: <string> | default = "TLS12" ]
5068