This repository has been archived by the owner on Nov 20, 2024. It is now read-only.

TLS splicing/bumping #57

Merged
merged 35 commits into from
Dec 21, 2022
Changes from 1 commit
Commits
225f317
TLS bumping integration
Feb 15, 2022
6e62821
Add docs for building TLS bumping
Sep 26, 2022
ed842b0
Add docs for testing TLS bumping without CONNECT
Sep 26, 2022
c7503ab
Add config for bumping with http connect case (#308)
Sep 26, 2022
df331ec
Add config for TLS splicing without HTTP CONNECT case
Sep 26, 2022
cb9d087
Add config for TLS splicing with HTTP CONNECT case
Sep 26, 2022
ab29125
Add config for TLS splicing/bumping w/wo HTTP CONNECT
Sep 27, 2022
81f77b0
Improve doc with testing details (#309)
Sep 27, 2022
638f3b5
Expiration time check (#320)
liverbirdkte Oct 12, 2022
4709f58
Update splicing/bumping config to cover more test cases
Oct 12, 2022
3fa1750
Fix issues of subject and expiration time (#322)
liverbirdkte Oct 13, 2022
de16d66
Update config to cover http2 test case
Oct 13, 2022
a588d06
skip duplicate certs check
Oct 18, 2022
553755f
Fix doc (#325)
liverbirdkte Oct 18, 2022
00a857a
Fix lacking sni of tls handshake in bumping filter (#329)
liverbirdkte Oct 27, 2022
b3f0189
Refactor local certificate provider config (#337)
liverbirdkte Nov 22, 2022
108d402
Add support for different pkey types and sizes (#342)
Nov 22, 2022
b3c56d3
tls: SNI-based cert selection during TLS handshake
Dec 1, 2022
c17e498
Cache size (#347)
liverbirdkte Dec 1, 2022
6ce4aa3
remove useless files
Dec 1, 2022
b6627ab
remove useless docs/notes due to rebase
Dec 1, 2022
ea3ed5e
add mocks to pass test compiling
Dec 1, 2022
b7ae2b7
code cleanup
Dec 2, 2022
b76971b
replace raw pointer with smart pointer
Dec 2, 2022
c549f0c
Code cleanup (#349)
liverbirdkte Dec 2, 2022
1bc698c
tls: allow multiple certs with the same SAN
ggreenway Dec 7, 2022
b65d4f4
bug fix
Dec 12, 2022
bfc4d84
avoid establishing additional connection with upstream
Dec 14, 2022
9c130c1
bug fix: add nullptr check for cert
Dec 13, 2022
92e25a2
fix format
Dec 20, 2022
dccf77d
fix test case
Dec 20, 2022
3e47389
Fix active tcp listener test (#351)
liverbirdkte Dec 20, 2022
e598dbf
fix code format and fix spelling format
Dec 20, 2022
8b3a178
fix clang_tidy warning
Dec 20, 2022
b0c8113
add matt to CODEOWNER to pass format check
Dec 20, 2022
11 changes: 6 additions & 5 deletions source/extensions/transport_sockets/tls/context_impl.cc
Expand Up @@ -889,12 +889,13 @@ void ServerContextImpl::populateServerNamesMap(TlsContext& ctx, int pkey_id) {
auto sn_match = server_names_map_.try_emplace(sn_pattern, pkey_types_map).first;
auto pt_match = sn_match->second.find(pkey_id);
if (pt_match != sn_match->second.end()) {
throw EnvoyException(fmt::format(
"Failed to load certificate chain from {}, at most one "
"certificate of a given type may be specified for each DNS SAN entry or Subject CN: {}",
ctx.cert_chain_file_path_, sn_match->first));
// throw EnvoyException(fmt::format(
Contributor

Just remove code, no need to comment. Version control will track the changes.

// "Failed to load certificate chain from {}, at most one "
// "certificate of a given type may be specified for each DNS SAN entry or Subject CN: {}",
// ctx.cert_chain_file_path_, sn_match->first));
} else {
sn_match->second.emplace(std::pair<int, std::reference_wrapper<TlsContext>>(pkey_id, ctx));
}
sn_match->second.emplace(std::pair<int, std::reference_wrapper<TlsContext>>(pkey_id, ctx));
};

bssl::UniquePtr<GENERAL_NAMES> san_names(static_cast<GENERAL_NAMES*>(
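Review bot: In `populateServerNamesMap`, commenting out the `throw EnvoyException(...)` leaves the `if (pt_match != sn_match->second.end())` branch empty, so a second certificate of the same key type for the same DNS SAN or Subject CN is now skipped without any signal and the entry loaded first stays in `server_names_map_`. Delete the commented-out lines instead of keeping them, invert the condition so the `emplace` sits in a single `if (pt_match == sn_match->second.end())` branch, and either log the skipped `ctx.cert_chain_file_path_` or add a comment stating that first-loaded-wins is intended, since an operator who lists two certificates for one name otherwise cannot tell which one will be served.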