You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "Fabriceli (via GitHub)" <gi...@apache.org> on 2023/04/13 07:08:56 UTC
[GitHub] [apisix] Fabriceli opened a new pull request, #9301: fix(ssl): ssl label upgrade max len
Fabriceli opened a new pull request, #9301:
URL: https://github.com/apache/apisix/pull/9301
### Description
Upgrade SSL label len 64 to 256
Fixes # (issue)
https://github.com/apache/apisix-ingress-controller/issues/1768
### Checklist
- [x] I have explained the need for this PR and the problem it solves
- [x] I have explained the changes or the new features added to this PR
- [x] I have added tests corresponding to this change
- [ ] I have updated the documentation to reflect this change
- [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
<!--
Note
1. Mark the PR as draft until it's ready to be reviewed.
2. Always add/update tests for any changes unless you have a good reason.
3. Always update the documentation to reflect the changes made in the PR.
4. Make a new commit to resolve conversations instead of `push -f`.
5. To resolve merge conflicts, merge master instead of rebasing.
6. Use "request review" to notify the reviewer after making changes.
7. Only a reviewer can mark a conversation as resolved.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Fabriceli commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1172798955
##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
}
}
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ key_encrypt_salt: null
+--- config
+location /t {
+ content_by_lua_block {
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+
+ local ssl_cert = t.read_file("t/certs/apisix.crt")
+ local ssl_key = t.read_file("t/certs/apisix.key")
+ local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+ labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}
Review Comment:
done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1174489424
##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,42 @@ location /t {
t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
}
}
+
+
Review Comment:
Three blanks are needed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170826811
##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
}
}
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ key_encrypt_salt: null
+--- config
+location /t {
+ content_by_lua_block {
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+
+ local ssl_cert = t.read_file("t/certs/apisix.crt")
+ local ssl_key = t.read_file("t/certs/apisix.key")
+ local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+ labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}
Review Comment:
the parameters of the second line of functions are to the right of the left parenthesis of the first line.
```
return limit_conn_new("plugin-limit-conn", conf.conn, conf.burst,
conf.default_conn_delay)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170797135
##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
}
}
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ key_encrypt_salt: null
+--- config
+location /t {
+ content_by_lua_block {
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+
+ local ssl_cert = t.read_file("t/certs/apisix.crt")
+ local ssl_key = t.read_file("t/certs/apisix.key")
+ local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+ labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}
Review Comment:
What does this line for?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Fabriceli commented on pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1521631448
> @Fabriceli Please fix the ci
done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Fabriceli commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1174534533
##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,42 @@ location /t {
t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
}
}
+
+
Review Comment:
done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170796050
##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
}
}
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ key_encrypt_salt: null
+--- config
+location /t {
+ content_by_lua_block {
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+
+ local ssl_cert = t.read_file("t/certs/apisix.crt")
+ local ssl_key = t.read_file("t/certs/apisix.key")
+ local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+ labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}
Review Comment:
extra space
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1170797135
##########
t/admin/ssl4.t:
##########
@@ -364,3 +364,40 @@ location /t {
t.test('/apisix/admin/ssls/1', ngx.HTTP_DELETE)
}
}
+
+
+=== TEST 11: set ssl(sni: www.test.com) with long label
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ key_encrypt_salt: null
+--- config
+location /t {
+ content_by_lua_block {
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+
+ local ssl_cert = t.read_file("t/certs/apisix.crt")
+ local ssl_key = t.read_file("t/certs/apisix.key")
+ local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com",
+ labels = {"secret-name": "js-design-test-bigdata-data-app-service-router-my-secret-number-123456"}}
Review Comment:
What does this line for?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 merged pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 merged PR #9301:
URL: https://github.com/apache/apisix/pull/9301
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1179427764
##########
t/admin/ssl4.t:
##########
@@ -16,7 +16,7 @@
#
use t::APISIX 'no_plan';
-log_level('debug');
+log_level('info');
Review Comment:
Why do you modify this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Fabriceli commented on a diff in pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on code in PR #9301:
URL: https://github.com/apache/apisix/pull/9301#discussion_r1185176286
##########
t/admin/ssl4.t:
##########
@@ -16,7 +16,7 @@
#
use t::APISIX 'no_plan';
-log_level('debug');
+log_level('info');
Review Comment:
modified by mistake.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Fabriceli commented on pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1518014202
No error in my local for Code Lint CI:
```sh
$ make lint
[ info ] lint -> [ Start ]
./utils/check-lua-code-style.sh
+ luacheck -q apisix t/lib
Total: 0 warnings / 0 errors in 251 files
+ find apisix -name '*.lua' '!' -wholename apisix/cli/ngx_tpl.lua -exec ./utils/lj-releng '{}' +
+ grep -E 'ERROR.*.lua:' /tmp/check.log
+ true
+ '[' -s /tmp/error.log ']'
./utils/check-test-code-style.sh
+ find t -name '*.t' -exec grep -E '\-\-\-\s+(SKIP|ONLY|LAST|FIRST)$' '{}' +
+ true
+ '[' -s /tmp/error.log ']'
+ find t -name '*.t' -exec ./utils/reindex '{}' +
+ grep done. /tmp/check.log
+ true
+ '[' -s /tmp/error.log ']'
[ info ] lint -> [ Done ]
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] monkeyDluffy6017 commented on pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1519295559
@Fabriceli Please fix the ci
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Fabriceli commented on pull request #9301: fix(ssl): ssl label upgrade max len
Posted by "Fabriceli (via GitHub)" <gi...@apache.org>.
Fabriceli commented on PR #9301:
URL: https://github.com/apache/apisix/pull/9301#issuecomment-1517529613
could you return the CI? it seems that the unit test is not stable @monkeyDluffy6017
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org