Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/fix #3570

Merged
merged 8 commits into from
Dec 28, 2021
Merged

Fix/fix #3570

merged 8 commits into from
Dec 28, 2021

Conversation

Shylock-Hg
Copy link
Contributor

What type of PR is this?

  • bug
  • feature
  • enhancement

What does this PR do?

Fit the library ssl configuration upgrading.
Need #3471 , seems don't support plaintext in ssl port again.

Which issue(s)/PR(s) this PR relates to?

Special notes for your reviewer, ex. impact of this fix, etc:

Additional context/ Design document:

Checklist:

  • Documentation affected (Please add the label if documentation needs to be modified.)
  • Incompatibility (If it breaks the compatibility, please describe it and add the corresponding label.)
  • If it's needed to cherry-pick (If cherry-pick to some branches is required, please label the destination version(s).)
  • Performance impacted: Consumes more CPU/Memory

Release notes:

Please confirm whether to be reflected in release notes and how to describe:

                                                            `

@Shylock-Hg Shylock-Hg added the type/bug Type: something is unexpected label Dec 27, 2021
@Sophie-Xie Sophie-Xie added this to the v3.0.0 milestone Dec 28, 2021
@Sophie-Xie Sophie-Xie added the wip Solution: work in progress label Dec 28, 2021
@Shylock-Hg Shylock-Hg added ready-for-testing PR: ready for the CI test and removed wip Solution: work in progress labels Dec 28, 2021
Aiee
Aiee reviewed Dec 28, 2021
View reviewed changes
Copy link
Contributor

@Aiee Aiee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we unify ca-signed and self-signeed as one?

src/common/ssl/SSLConfig.cpp
@@ -18,6 +18,7 @@ namespace nebula {
std::shared_ptr<wangle::SSLContextConfig> sslContextConfig() {
auto sslCfg = std::make_shared<wangle::SSLContextConfig>();
sslCfg->addCertificate(FLAGS_cert_path, FLAGS_key_path, FLAGS_password_path);
sslCfg->clientVerification = folly::SSLContext::VerifyClientCertificate::DO_NOT_REQUEST;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean that the certificate from the client could be omitted?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how about using "always" and failed if verification fails

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not, it just check CA of server (which is new feature after library upgrading), so I disable it to keep same with before.

HarrisChu
HarrisChu previously approved these changes Dec 28, 2021
View reviewed changes
@HarrisChu HarrisChu added incompatible PR: incompatible with the recently released version and removed incompatible PR: incompatible with the recently released version labels Dec 28, 2021
@Shylock-Hg Shylock-Hg requested a review from Aiee December 28, 2021 07:26
Aiee
Aiee previously approved these changes Dec 28, 2021
View reviewed changes
Copy link
Contributor

@Aiee Aiee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still believe we should not distinguish ca-signed and self-signed cert, maybe address this in another PR.

@HarrisChu HarrisChu dismissed stale reviews from Aiee and themself via 0b96348 December 28, 2021 09:03
@Shylock-Hg
Copy link
Contributor Author

I still believe we should not distinguish ca-signed and self-signed cert, maybe address this in another PR.

Could you detail this proposal?

@yixinglu yixinglu merged commit 5a4a36b into vesoft-inc:master Dec 28, 2021
@HarrisChu HarrisChu mentioned this pull request Dec 30, 2021
Closed
@jamieliu1023 jamieliu1023 mentioned this pull request Jan 1, 2022
Closed
@Shylock-Hg Shylock-Hg deleted the fix/fix branch February 9, 2022 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Aiee Aiee Aiee approved these changes

@HarrisChu HarrisChu HarrisChu approved these changes

Assignees
No one assigned
Labels
ready-for-testing PR: ready for the CI test type/bug Type: something is unexpected
Projects
None yet
Milestone
v3.0.0
Development

Successfully merging this pull request may close these issues.
5 participants
@Shylock-Hg @HarrisChu @Aiee @yixinglu @Sophie-Xie