Closed jronak closed 1 year ago
Patch and project coverage have no change.
Comparison is base (
f345554
) 85.36% compared to head (05f91cd
) 85.36%.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
Can you also add into the description:
When the empty spiffie id config is provided, what new server config is accepted
My interpretation is that it allow server providing any legit spiffie id but still need to be a legit spiffied id format
Can you also add into the description:
When the empty spiffie id config is provided, what new server config is accepted
My interpretation is that it allow server providing any legit spiffie id but still need to be a legit spiffied id format
Updated, thanks!
Earlier, tls outbound required at least one spiffe id as we wanted to use it to match the server id. Since managing server spiffe id across clients causes issues during the migration, this PR makes spiffe ids an optional field. Outbounds will accept any server certificate issued by the internal CA with any spiffe id if no spiffe ids configuration is provided.