Skip to content

Commit

Permalink
use 'is_rootcanal_signed' from the config
Browse files Browse the repository at this point in the history 
Summary:
'is_rootcanal_signed' is set in the config based on who issues the given cert.
but this field in not used anywhere in the proxygen code, yet.

let's read this field to set 'isProdCASigned'. it'll be used to decide if the
cert can be fetched directly from ProdCA.

"ProdCA" is used because its the preferred name vs "rootcanal".

Reviewed By: zalecodez

Differential Revision: D51176576

fbshipit-source-id: 5827b2902d1a7b9d08067a14d723df78cef5cc0d
  • Loading branch information
@facebook-github-bot
Rachana Nandan authored and facebook-github-bot committed Nov 10, 2023
1 parent f8063fa commit 92375ed
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions wangle/ssl/SSLContextConfig.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,9 @@ struct SSLContextConfig {
// Load cert-key pairs corresponding to these domains
std::vector<std::string> domains;

// If true, the certs for this domain is signed by our internal CA
bool isProdCASigned{false};

// A namespace to use for sessions generated from this context so that
// they will not be shared between other sessions generated from the
// same context. If not specified the vip name will be used by default
Expand Down

0 comments on commit 92375ed

Please sign in to comment.