External HTTPS proxy with custom CA


we are facing a challenge with istio egress with an external https proxy. where CA is private and we want to validate it inside the envoy instead of the application container, We tried the same scenario with squid which was using public CA and working fine for us because cert was validating inside the application container. but now we are using an external HTTPS proxy and cert validation getting failed. looking for the configuration that can help me to validate certs without adding in the application pod.

Thank you in advance for the help

Waiting for the help

I believe this fix is what you need, we have similar issue and we’re still waiting for this to be release, we should try to push for it: https://github.com/istio/istio/pull/37968