quic: use sds for upstream http/3 #16462
Conversation
Signed-off-by: Alyssa Wilk <[email protected]>
| return quic_socket_factory->sslCtx(); | ||
| } | ||
|
|
||
| std::shared_ptr<quic::QuicCryptoClientConfig> PersistentQuicInfoImpl::cryptoConfig() { |
There was a problem hiding this comment.
This is somewhat laid-back updating. If a client connection is created before the SSL context update, will its crypto config not be updated till another createQuicNetworkConnection() is called?
Could this be a problem?
There was a problem hiding this comment.
I don't think once a quic client is created we support reloading, so AFIK it'd only be applied when we created a new client anyway.
There was a problem hiding this comment.
ACK.
Another question is if we need to copy over resumption tickets stored in EnvoyQuicSessionCache before replacing crypto config?
There was a problem hiding this comment.
I would think if we changed client certs we'd not want to keep resumption info? cc @RyanTheOptimist
There was a problem hiding this comment.
Yup, that sounds right to me.
Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]>
| [](HttpConnPoolImplBase* pool) { | ||
| [](HttpConnPoolImplBase* pool) -> ::Envoy::ConnectionPool::ActiveClientPtr { | ||
| // If there's no ssl context, the secrets are not loaded. Fast-fail by returning null. | ||
| if (dynamic_cast<Quic::QuicClientTransportSocketFactory*>( |
There was a problem hiding this comment.
Is this cast guaranteed to succeed? Should it be a static_cast, and maybe an ASSERT that the dynamic_cast succeeds?
| // fallback_factory_ will update the stats. | ||
| // TODO(14829) Client transport socket factory may also need to update quic crypto. | ||
| } | ||
| // fallback factory will update the context. |
There was a problem hiding this comment.
nit: capitalize Fallback or change back to fallback_factory_
Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]>
Risk Level: Medium (some data plane refactors, mostly no-ops for !HTTP/3) Testing: turned up HTTP/3 upstream SDS integration tests Docs Changes: n/a Release Notes: n/a part of envoyproxy#14829 Signed-off-by: Alyssa Wilk <[email protected]>
Risk Level: Medium (some data plane refactors, mostly no-ops for !HTTP/3)
Testing: turned up HTTP/3 upstream SDS integration tests
Docs Changes: n/a
Release Notes: n/a
part of #14829