linkerd
diff --git a/‎go/destination/destination.pb.go
Lines changed: 403 additions & 234 deletions b/‎go/destination/destination.pb.go
Lines changed: 403 additions & 234 deletions
diff --git a/‎go/destination/destination_grpc.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/destination/destination_grpc.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/grpc_route/grpc_route.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/grpc_route/grpc_route.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/http_route/http_route.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/http_route/http_route.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/http_types/http_types.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/http_types/http_types.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/identity/identity.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/identity/identity.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/identity/identity_grpc.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/identity/identity_grpc.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/inbound/inbound.pb.go
Lines changed: 3 additions & 4 deletions b/‎go/inbound/inbound.pb.go
Lines changed: 3 additions & 4 deletions
diff --git a/‎go/inbound/inbound_grpc.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/inbound/inbound_grpc.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/meta/meta.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/meta/meta.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/net/net.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/net/net.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/outbound/outbound.pb.go
Lines changed: 3 additions & 4 deletions b/‎go/outbound/outbound.pb.go
Lines changed: 3 additions & 4 deletions
diff --git a/‎go/outbound/outbound_grpc.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/outbound/outbound_grpc.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/tap/tap.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/tap/tap.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/tap/tap_grpc.pb.go
Lines changed: 1 addition & 1 deletion b/‎go/tap/tap_grpc.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎proto/destination.proto
Lines changed: 22 additions & 2 deletions b/‎proto/destination.proto
Lines changed: 22 additions & 2 deletions
diff --git a/‎src/gen/io.linkerd.proxy.destination.rs
Lines changed: 25 additions & 2 deletions b/‎src/gen/io.linkerd.proxy.destination.rs
Lines changed: 25 additions & 2 deletions
@@ -103,12 +103,16 @@ message WeightedAddr {
   AuthorityOverride authority_override = 7;
 }
 
-// Which strategy should be used for verifying TLS.
 message TlsIdentity {
   reserved 2;
   reserved "k8s_pod_identity";
 
-  oneof strategy { DnsLikeIdentity dns_like_identity = 1; }
+  oneof strategy {
+    DnsLikeIdentity dns_like_identity = 1;
+    UriLikeIdentity uri_like_identity = 3;
+  }
+
+  ServerName server_name = 4;
 
   // Verify the certificate based on the Kubernetes pod identity.
   message DnsLikeIdentity {
@@ -118,6 +122,22 @@ message TlsIdentity {
     //    {name}.{namespace}.{type}.identity.{control-namespace}.{trust-domain...}
     string name = 1;
   }
+
+  // Verify the certificate based on an URI-like identity.
+  message UriLikeIdentity {
+    // A URI name that encodes workload identity.
+    //
+    // For example:
+    //    spiffe://trust-domain/workload-dentifier
+    string uri = 1;
+  }
+
+  // The server name of the endpoint. This is the value that needs to be included
+  // by clients in the ClientHello SNI extension of the TLS handshake when they
+  // initiate TLS connections to servers.
+  message ServerName {
+    string name = 1;
+  }
 }
 
 message AuthorityOverride { string authority_override = 1; }