Freddy 6ef38eaea7 Configure upstream TLS context with peer root certs (#13321) ... For mTLS to work between two proxies in peered clusters with different root CAs, proxies need to configure their outbound listener to use different root certificates for validation. Up until peering was introduced proxies would only ever use one set of root certificates to validate all mesh traffic, both inbound and outbound. Now an upstream proxy may have a leaf certificate signed by a CA that's different from the dialing proxy's. This PR makes changes to proxycfg and xds so that the upstream TLS validation uses different root certificates depending on which cluster is being dialed.		2022-06-01 15:53:52 -06:00
..
common.go	Configure upstream TLS context with peer root certs (#13321)	2022-06-01 15:53:52 -06:00
mock_Provider.go	chore: upgrade mockery to v2 and regenerate (#12836)	2022-04-21 09:48:21 -05:00
provider.go	Support vault namespaces in connect CA (#12904)	2022-05-04 19:41:55 -07:00
provider_aws.go	Configure upstream TLS context with peer root certs (#13321)	2022-06-01 15:53:52 -06:00
provider_aws_test.go	ca/provider: remove ActiveRoot from Provider	2022-01-27 13:07:37 -05:00
provider_consul.go	ca: cleanup validateSetIntermediate	2022-02-17 18:21:30 -05:00
provider_consul_config.go	add root_cert_ttl option for consul connect, vault ca providers (#11428)	2021-11-02 11:02:10 -07:00
provider_consul_test.go	ca/provider: remove ActiveRoot from Provider	2022-01-27 13:07:37 -05:00
provider_test.go	Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311)	2022-02-14 09:45:45 -08:00
provider_vault.go	Configure upstream TLS context with peer root certs (#13321)	2022-06-01 15:53:52 -06:00
provider_vault_test.go	Fix leaked Vault LifetimeRenewers (#12607)	2022-03-28 09:58:16 -05:00
testing.go	ca: require that tests that use Vault are named correctly	2022-02-28 16:13:53 -05:00