Skip to content

TunnelVerifier

saq.sandwich.proto.api.v1.TunnelVerifier

Description

Security requirements to enforce at tunnel-time.

Unlike the X.509 verifier, which is used when creating a context, this verifier is used when creating a tunnel. Thus, the security requirements it describes are enforced to a specific tunnel only.

message TunnelVerifier {
  // The verifier to use at tunnel-time.
  oneof verifier {
    // Subject Alternative Names verifier, to be used when the TLS protocol is
    // used.
    //
    // See [SANVerifier](SANVerifier.md).
    SANVerifier san_verifier = 1;

    // Empty verifier.
    //
    // > **Warning**: when used, no identity will be verified!
    //
    // See [EmptyVerifier](EmptyVerifier.md).
    EmptyVerifier empty_verifier = 2;
  }
}

Fields

oneof verifier

The verifier to use at tunnel-time.

oneof verifier {
    // Subject Alternative Names verifier, to be used when the TLS protocol is
    // used.
    //
    // See [SANVerifier](SANVerifier.md).
    SANVerifier san_verifier = 1;

    // Empty verifier.
    //
    // > **Warning**: when used, no identity will be verified!
    //
    // See [EmptyVerifier](EmptyVerifier.md).
    EmptyVerifier empty_verifier = 2;
  }

san_verifier

Subject Alternative Names verifier, to be used when the TLS protocol is used.

See SANVerifier.

SANVerifier san_verifier = 1;

empty_verifier

Empty verifier.

Warning: when used, no identity will be verified!

See EmptyVerifier.

EmptyVerifier empty_verifier = 2;