`is_issued_by_known_root` is part of the return result of `jvm_verify_x509_cert_chain()`. It is an indicator of whether Envoy Mobile is behind any proxy, and it is ignored today in cert validation. In Chrome, if this value is false, it will fail the validation for HTTP/3 because QUIC is not well supported by third-party proxies, with an exception list of host names which allows users to voluntarily use QUIC behind the proxy. E-M likely will need the same feature.
One way to implement this can be plumbing this return result back to Envoy via the `CertValidator` interface, and letting the `EnvoyQuicProofVerifier` override the result based on some Envoy config knob, and adding an engine interface in E-M to modify the Envoy knob.
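The decision the issue describes, as an added sketch that is not Envoy Mobile's or Chrome's code: a chain that verified but did not chain to a known root is rejected for QUIC unless the host is on the exception list. All names here (`CertVerifyResult`, `QuicProxyPolicy`, `allowHost`, `acceptForQuic`) and the host names are hypothetical.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <set>
#include <string>

// Hypothetical stand-in for what platform certificate verification returns.
struct CertVerifyResult {
  bool chain_valid;              // chain verified against the device trust store
  bool is_issued_by_known_root;  // false when the chain ends at a locally installed root
};

// Hypothetical config knob plus the per-host exception list.
struct QuicProxyPolicy {
  bool require_known_root_for_quic = true;
  std::set<std::string> allowed_hosts;  // stored normalized
};

// Lower-case and drop one trailing dot so "Example.COM." matches "example.com".
std::string normalizeHost(std::string host) {
  std::transform(host.begin(), host.end(), host.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  if (!host.empty() && host.back() == '.') host.pop_back();
  return host;
}

void allowHost(QuicProxyPolicy& policy, const std::string& host) {
  policy.allowed_hosts.insert(normalizeHost(host));
}

// The policy can only turn an accepted chain into a rejection;
// it never rescues a chain that failed verification.
bool acceptForQuic(const CertVerifyResult& r, const QuicProxyPolicy& policy,
                   const std::string& host) {
  if (!r.chain_valid) return false;
  if (r.is_issued_by_known_root || !policy.require_known_root_for_quic) return true;
  return policy.allowed_hosts.count(normalizeHost(host)) > 0;
}

int main() {
  QuicProxyPolicy policy;
  allowHost(policy, "proxy-ok.example");  // constructed sample host
  CertVerifyResult local_root{true, false};
  std::cout << acceptForQuic(local_root, policy, "api.example") << ' '
            << acceptForQuic(local_root, policy, "Proxy-OK.Example.") << '\n';
  return 0;
}
```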