You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "Fabriceli (via GitHub)" <gi...@apache.org> on 2023/04/13 07:08:56 UTC

[GitHub] [apisix] Fabriceli opened a new pull request, #9301: fix(ssl): ssl label upgrade max len

Fabriceli opened a new pull request, #9301:
URL: https://github.com/apache/apisix/pull/9301

   ### Description
   Upgrade SSL label len 64 to 256
   
   Fixes # (issue)
   https://github.com/apache/apisix-ingress-controller/issues/1768
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [x] I have explained the changes or the new features added to this PR
   - [x] I have added tests corresponding to this change
   - [ ] I have updated the documentation to reflect this change
   - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
   
   <!--
   
   Note
   
   1. Mark the PR as draft until it's ready to be reviewed.
   2. Always add/update tests for any changes unless you have a good reason.
   3. Always update the documentation to reflect the changes made in the PR.
   4. Make a new commit to resolve conversations instead of `push -f`.
   5. To resolve merge conflicts, merge master instead of rebasing.
   6. Use "request review" to notify the reviewer after making changes.
   7. Only a reviewer can mark a conversation as resolved.
   
   -->
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Fabriceli commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1172798955


##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
         t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
     }
 }
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+    node_listen: 1984
+    ssl:
+        key_encrypt_salt: null
+--- config
+location /t {
+    content_by_lua_block {
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+
+        local ssl_cert = t.read_file("t/certs/apisix.crt")
+        local ssl_key =  t.read_file("t/certs/apisix.key")
+        local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+         labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}

Review Comment:
   done



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1174489424


##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,42 @@ location /t {
         t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
     }
 }
+
+

Review Comment:
   Three blanks are needed



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170826811


##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
         t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
     }
 }
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+    node_listen: 1984
+    ssl:
+        key_encrypt_salt: null
+--- config
+location /t {
+    content_by_lua_block {
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+
+        local ssl_cert = t.read_file("t/certs/apisix.crt")
+        local ssl_key =  t.read_file("t/certs/apisix.key")
+        local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+         labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}

Review Comment:
    the parameters of the second line of functions are to the right of the left parenthesis of the first line.
   ```
   return limit_conn_new("plugin-limit-conn", conf.conn, conf.burst,
                         conf.default_conn_delay)
   
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170797135


##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
         t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
     }
 }
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+    node_listen: 1984
+    ssl:
+        key_encrypt_salt: null
+--- config
+location /t {
+    content_by_lua_block {
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+
+        local ssl_cert = t.read_file("t/certs/apisix.crt")
+        local ssl_key =  t.read_file("t/certs/apisix.key")
+        local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+         labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}

Review Comment:
   What does this line for?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Fabriceli commented on pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1521631448

   > @Fabriceli Please fix the ci
   
   done


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Fabriceli commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1174534533


##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,42 @@ location /t {
         t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
     }
 }
+
+

Review Comment:
   done



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170796050


##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
         t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
     }
 }
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+    node_listen: 1984
+    ssl:
+        key_encrypt_salt: null
+--- config
+location /t {
+    content_by_lua_block {
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+
+        local ssl_cert = t.read_file("t/certs/apisix.crt")
+        local ssl_key =  t.read_file("t/certs/apisix.key")
+        local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+         labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}

Review Comment:
   extra space



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170797135


##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
         t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
     }
 }
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+    node_listen: 1984
+    ssl:
+        key_encrypt_salt: null
+--- config
+location /t {
+    content_by_lua_block {
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+
+        local ssl_cert = t.read_file("t/certs/apisix.crt")
+        local ssl_key =  t.read_file("t/certs/apisix.key")
+        local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+         labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}

Review Comment:
   What does this line for?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 merged pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 merged PR #9301:
URL: https://github.com/apache/apisix/pull/9301


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1179427764


##########
t/admin/ssl4.t:
##########
@@ -16,7 +16,7 @@
 #
 use t::APISIX 'no_plan';
 
-log_level('debug');
+log_level('info');

Review Comment:
   Why do you modify this?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Fabriceli commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1185176286


##########
t/admin/ssl4.t:
##########
@@ -16,7 +16,7 @@
 #
 use t::APISIX 'no_plan';
 
-log_level('debug');
+log_level('info');

Review Comment:
   modified by mistake.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Fabriceli commented on pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1518014202

   No error in my local for Code Lint CI:
   ```sh
   $ make lint
   [ info ] lint -> [ Start ]
   ./utils/check-lua-code-style.sh
   + luacheck -q apisix t/lib
   Total: 0 warnings / 0 errors in 251 files
   + find apisix -name '*.lua' '!' -wholename apisix/cli/ngx_tpl.lua -exec ./utils/lj-releng '{}' +
   + grep -E 'ERROR.*.lua:' /tmp/check.log
   + true
   + '[' -s /tmp/error.log ']'
   ./utils/check-test-code-style.sh
   + find t -name '*.t' -exec grep -E '\-\-\-\s+(SKIP|ONLY|LAST|FIRST)$' '{}' +
   + true
   + '[' -s /tmp/error.log ']'
   + find t -name '*.t' -exec ./utils/reindex '{}' +
   + grep done. /tmp/check.log
   + true
   + '[' -s /tmp/error.log ']'
   [ info ] lint -> [ Done ]
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1519295559

   @Fabriceli Please fix the ci


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Fabriceli commented on pull request #9301: fix(ssl): ssl label upgrade max len

Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1517529613

   could you return the CI? it seems that the unit test is not stable @monkeyDluffy6017 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org