authorkalder <61064868+kalder@users.noreply.github.com>2023-01-27 09:59:42 -0800
committerGitHub <noreply@github.com>2023-01-27 09:59:42 -0800
commitb68fb8d69510beaf086b016606202badcfd2eda0 (patch)
tree8395540a55a9dd5eb90ad5b9f7a94dd2515afff4 /vm/proxyapp/init.go
parentc630e2bf7a6cb84eec2005e2e66e35e0d88054cb (diff)
vm/proxyapp: add TLS authentication (#3642)
The "security" field must be set if ProxyApp-over-TCP is used. If "none", do no authentication. If "tls", do server TLS, optionally using the certificate specified by "server_tls_cert". mTLS is unimplemented for now.
Diffstat (limited to 'vm/proxyapp/init.go')
-rw-r--r--vm/proxyapp/init.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/vm/proxyapp/init.go b/vm/proxyapp/init.go
index afd0db00d..8153cf031 100644
--- a/vm/proxyapp/init.go
+++ b/vm/proxyapp/init.go
@@ -62,6 +62,12 @@ type Config struct {
// rpc_server_uri is used to specify plugin endpoint address.
// if not specified, we'll connect to the plugin by std[in, out, err].
RPCServerURI string `json:"rpc_server_uri"`
+ // security can be one of "none", "tls" (for server TLS) and "mtls" for mutal
+ // TLS.
+ Security string `json:"security"`
+ // server_tls_cert points a TLS certificate used to authenticate the server.
+ // If not provided, the default system certificate pool will be used.
+ ServerTLSCert string `json:"server_tls_cert"`
// config is an optional remote plugin config
ProxyAppConfig json.RawMessage `json:"config"`
}
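Review bot: The added comment on `Security` lists "mtls" as an accepted value although the commit description says mTLS is unimplemented, and it does not say that the field is required for ProxyApp-over-TCP; I would write `// security is required when ProxyApp-over-TCP is used: "none" (no authentication) or "tls" (server TLS); "mtls" (mutual TLS) is reserved and not implemented yet.` The code that validates the value is outside this hunk, so I cannot tell what happens for an empty or unknown string or for "mtls"; it should be rejected when the config is loaded rather than handled like "none", because that would leave the channel unauthenticated without any signal to the operator. The `server_tls_cert` comment should read "points to" and state whether the value is a file path or inline PEM, which the hunk does not show. The `Config` struct starts above the hunk.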