quic: Remove envoy.reloadable_features.reject_require_client_certific…

…ate_with_quic (envoyproxy#29119)

Signed-off-by: Ryan Hamilton <[email protected]>

changelogs/current.yaml

@@ -60,6 +60,10 @@ removed_config_or_runtime:
   change: |
     Removed ``envoy.restart_features.use_apple_api_for_dns_lookups`` and legacy code paths.
 
+- area: quic
+  change: |
+    Removed ``envoy.reloadable_features.reject_require_client_certificate_with_quic`` and legacy code paths.
+
 new_features:
 - area: access_log
   change: |

source/common/quic/quic_transport_socket_factory.cc

@@ -23,9 +23,7 @@ QuicServerTransportSocketConfigFactory::createTransportSocketFactory(
   auto server_config = std::make_unique<Extensions::TransportSockets::Tls::ServerContextConfigImpl>(
       quic_transport.downstream_tls_context(), context);
   // TODO(RyanTheOptimist): support TLS client authentication.
-  if (server_config->requireClientCertificate() &&
-      Runtime::runtimeFeatureEnabled(
-          "envoy.reloadable_features.reject_require_client_certificate_with_quic")) {
+  if (server_config->requireClientCertificate()) {
     throw EnvoyException("TLS Client Authentication is not supported over QUIC");
   }
 

source/common/runtime/runtime_features.cc

@@ -68,7 +68,6 @@ RUNTIME_GUARD(envoy_reloadable_features_original_dst_rely_on_idle_timeout);
 RUNTIME_GUARD(envoy_reloadable_features_overload_manager_error_unknown_action);
 RUNTIME_GUARD(envoy_reloadable_features_prohibit_route_refresh_after_response_headers_sent);
 RUNTIME_GUARD(envoy_reloadable_features_quic_defer_logging_to_ack_listener);
-RUNTIME_GUARD(envoy_reloadable_features_reject_require_client_certificate_with_quic);
 RUNTIME_GUARD(envoy_reloadable_features_sanitize_original_path);
 RUNTIME_GUARD(envoy_reloadable_features_send_header_raw_value);
 RUNTIME_GUARD(envoy_reloadable_features_service_sanitize_non_utf8_strings);