docker run -p 8080:8080 -e LOG_JSON=1 cvm-proxy-server
62
70
```
63
71
64
-
By default the server will present Azure TDX attestation, and you can modify that via the `--server-attestation-type` flag.
65
-
The server can be made to present a regular TLS certificate through `--tls-certificate` and `--tls-private-key` flags instead of aTLS one.
72
+
By default the server will present Azure TDX attestation, and you can modify that via the `--server-attestation-type` flag.
73
+
The server can be made to present a regular TLS certificate through `--tls-certificate` and `--tls-private-key` flags instead of aTLS one.
66
74
67
75
By default the server will not verify client attestations, you can change that via `--client-attestation-type` and `--client-measurements` flags. Valid for both aTLS and regular TLS.
68
76
69
77
70
78
This repository contains a [dummy http server](./cmd/dummy-server/main.go) that you can use for testing the server. Simply run `go run ./cmd/dummy-server/main.go` and point your `--target-addr=http://127.0.0.1:8085`. You can also use the sample [measurements.json](./measurements.json).
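Review bot: new line 73 offers `--tls-certificate` and `--tls-private-key` as a replacement for the aTLS certificate but does not say what a client can still verify in that mode. Since you are touching these lines anyway, add a sentence stating explicitly whether any server attestation is presented when a regular certificate is configured. The context line at 75 also deserves a more prominent callout: "By default the server will not verify client attestations" is a permissive default that a reader skimming the README can miss. The removed lines 64-65 and added lines 72-73 read identically here, so the change appears to be whitespace-only; say so in the commit message.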
By default the client will expect the server to present an Azure TDX attestation, and you can modify that via the `--server-attestation-type` and `--server-measurements` flags.
101
-
The server can also be a regular TLS server, which you can configure with the `--verify-tls` flag, which is only valid in combination with `--server-attestation-type=none`. Non-standard CA for the server can also be configured with `--tls-ca-certificate`.
109
+
By default the client will expect the server to present an Azure TDX attestation, and you can modify that via the `--server-attestation-type` and `--server-measurements` flags.
110
+
The server can also be a regular TLS server, which you can configure with the `--verify-tls` flag, which is only valid in combination with `--server-attestation-type=none`. Non-standard CA for the server can also be configured with `--tls-ca-certificate`.
102
111
103
112
By default the client will not present client attestations, you can change that via `--client-attestation-type` flag. Valid for both aTLS and TLS server proxies.
104
113
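Review bot: new line 110 says `--verify-tls` is "only valid in combination with `--server-attestation-type=none`" but leaves open what the client checks when `--server-attestation-type=none` is set without `--verify-tls`. Please document that case, because as written a reader cannot tell whether the server is authenticated at all in that configuration. The sentence also chains two "which" clauses; splitting it into "The server can also be a regular TLS server. Configure this with `--verify-tls`, which is only valid together with `--server-attestation-type=none`." would read more clearly.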
@@ -107,11 +116,11 @@ This repository contains a sample [measurements.json](./measurements.json) file
107
116
108
117
## Measurements
109
118
110
-
Attestation verification requires the expected measurements which you pass through the `--{client, server}-measurements` flag.
111
-
The measurements are expected to be a JSON map, and multiple valid measurements can be provided. The verifier will attempt to verify with each of the provided measurements, and if any succeeds, the attestation is assumed valid.
119
+
Attestation verification requires the expected measurements which you pass through the `--{client, server}-measurements` flag.
120
+
The measurements are expected to be a JSON map, and multiple valid measurements can be provided. The verifier will attempt to verify with each of the provided measurements, and if any succeeds, the attestation is assumed valid.
112
121
113
-
The (single) validated measurement is json-marshalled and forwarded (returned in the case of client) as "X-Flashbots-Measurement" header, and the type of attestation as "X-Flashbots-Attestation-Type" header. For mapping attestation types to OIDs and issuers, see [internal/attestation/variant/variant.go](./internal/attestation/variant/variant.go).
114
-
To only validate and forward the measurement (as opposed to also authorizing the measurement against an expected one), simply provide an empty expected measurements object.
122
+
The (single) validated measurement is json-marshalled and forwarded (returned in the case of client) as "X-Flashbots-Measurement" header, and the type of attestation as "X-Flashbots-Attestation-Type" header. For mapping attestation types to OIDs and issuers, see [internal/attestation/variant/variant.go](./internal/attestation/variant/variant.go).
123
+
To only validate and forward the measurement (as opposed to also authorizing the measurement against an expected one), simply provide an empty expected measurements object.
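Review bot: new line 123 recommends an empty expected measurements object to "only validate and forward the measurement", which turns off authorization in the proxy, yet the text does not tell the reader that the service behind the proxy must then make the decision from the "X-Flashbots-Measurement" and "X-Flashbots-Attestation-Type" headers. Add that sentence. Line 122 should also state whether the proxy removes or overwrites those two headers when an incoming request already carries them, since a backend that trusts them needs that guarantee. Minor: `--{client, server}-measurements` on line 119 is not a literal flag; writing out `--client-measurements` and `--server-measurements` avoids copy-paste errors.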