From 92375ed1f2c7d611f4f1b4825e5ba3e2954804c8 Mon Sep 17 00:00:00 2001
From: Rachana Nandan <rnandan@meta.com>
Date: Thu, 9 Nov 2023 20:39:04 -0800
Subject: [PATCH] use 'is_rootcanal_signed' from the config

Summary:
'is_rootcanal_signed' is set in the config based on who issues the given cert.
but this field in not used anywhere in the proxygen code, yet.

let's read this field to set 'isProdCASigned'. it'll be used to decide if the
cert can be fetched directly from ProdCA.

"ProdCA" is used because its the preferred name vs "rootcanal".

Reviewed By: zalecodez

Differential Revision: D51176576

fbshipit-source-id: 5827b2902d1a7b9d08067a14d723df78cef5cc0d
---
 wangle/ssl/SSLContextConfig.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wangle/ssl/SSLContextConfig.h b/wangle/ssl/SSLContextConfig.h
index cb3ca8ca3..2e708c3e5 100644
--- a/wangle/ssl/SSLContextConfig.h
+++ b/wangle/ssl/SSLContextConfig.h
@@ -149,6 +149,9 @@ struct SSLContextConfig {
   // Load cert-key pairs corresponding to these domains
   std::vector<std::string> domains;
 
+  // If true, the certs for this domain is signed by our internal CA
+  bool isProdCASigned{false};
+
   // A namespace to use for sessions generated from this context so that
   // they will not be shared between other sessions generated from the
   // same context. If not specified the vip name will be used by default