docker run -p 8080:8080 -e LOG_JSON=1 cvm-proxy-server
71
71
```
72
72
73
-
By default the server will present Azure TDX attestation, and you can modify that via the `--server-attestation-type` flag.
73
+
By default the server will determine the attestation issuer automatically, and you can modify that via the `--server-attestation-type` flag.
74
74
The server can be made to present a regular TLS certificate through `--tls-certificate-path` and `--tls-private-key-path` flags instead of aTLS one.
75
75
76
76
By default the server will not verify client attestations, you can change that via `--client-attestation-type` and `--client-measurements` flags. Valid for both aTLS and regular TLS.
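Review bot: The added sentence at line 73 says the server determines the attestation issuer automatically, but it does not say what happens when no issuer can be determined, and it does not list the values `--server-attestation-type` accepts. Since this flag decides what attestation the server presents, state whether the server refuses to start or continues without attestation in that case, and list the accepted values the same way the `--client-attestation-type` option entry does.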
@@ -89,7 +89,7 @@ This repository contains a [dummy http server](./cmd/dummy-server/main.go) that
89
89
-`--server-measurements`: optional path to JSON measurements enforced on the server
90
90
-`--verify-tls`: verify server's TLS certificate instead of server's attestation. Only valid for server-attestation-type=none.
91
91
-`--tls-ca-certificate`: additional CA certificate to verify against (PEM) [default=no additional TLS certs]. Only valid with --verify-tls.
92
-
-`--client-attestation-type`: type of attestation to present (none, azure-tdx) (default: "none")
92
+
-`--client-attestation-type`: type of attestation to present (none, auto, dcap-tdx, azure-tdx) (default: "none")
93
93
-`--log-json`: log in JSON format (default: false)
-`--log-dcap-quote`: log dcap quotes to folder quotes/ (default: false)
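Review bot: The changed `--client-attestation-type` entry at line 92 adds `auto` and `dcap-tdx` to the value list without saying what either one means, and `dcap-tdx` is not explained anywhere in the visible text. Add a short description per value, or a pointer to where they are described, so a reader can tell `dcap-tdx` from `azure-tdx` and knows that `auto` means issuer detection. If other attestation-type options outside this hunk accept the same new values, their entries need the same update.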
@@ -111,7 +111,7 @@ make build-proxy-client
111
111
By default the client will expect the server to present an Azure TDX attestation, and you can modify that via the `--server-attestation-type` and `--server-measurements` flags.
112
112
The server can also be a regular TLS server, which you can configure with the `--verify-tls` flag, which is only valid in combination with `--server-attestation-type=none`. Non-standard CA for the server can also be configured with `--tls-ca-certificate`.
113
113
114
-
By default the client will not present client attestations, you can change that via `--client-attestation-type` flag. Valid for both aTLS and TLS server proxies.
114
+
By default the client will not present client attestations, you can change that via `--client-attestation-type` flag. If this is set to "auto", it will try to determine the attestation issuer automatically. Valid for both aTLS and TLS server proxies.
115
115
116
116
This repository contains a sample [measurements.json](./measurements.json) file that you can use. The client will (correctly) complain about unexpected measurements that you can then correct.
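Review bot: The unchanged context line at 111 still says the client expects an Azure TDX attestation by default, while this commit changes the server default to automatic issuer detection, so the two documented defaults can disagree when the server detects a different issuer (for example `dcap-tdx`). Either update that sentence or note that the client's `--server-attestation-type` must match what the server ends up presenting. The new sentence at line 114 says "auto" will "try to determine" the issuer; it should also say what the client does when that attempt fails.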