You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/09/07 04:27:02 UTC
[GitHub] [apisix] spacewander opened a new pull request #5000: feat: allow configuring fallback SNI
spacewander opened a new pull request #5000:
URL: https://github.com/apache/apisix/pull/5000
The fallback SNI works around cases that client doesn't send a SNI
during handshake.
By configuring a fallback SNI we can configure a fallback certificate
with the current SSL APIs.
Fix #3147
Signed-off-by: spacewander <sp...@gmail.com>
### What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here. -->
### Pre-submission checklist:
* [x] Did you explain what problem does this PR solve? Or what new features have been added?
* [x] Have you added corresponding test cases?
* [ ] Have you modified the corresponding document?
* [x] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on a change in pull request #5000: feat: allow configuring fallback SNI
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on a change in pull request #5000:
URL: https://github.com/apache/apisix/pull/5000#discussion_r703374775
##########
File path: t/router/radixtree-sni2.t
##########
@@ -354,3 +354,47 @@ failed to do SSL handshake: handshake failed
failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol
--- no_error_log
[alert]
+
+
+
+=== TEST 9: client request without sni, but fallback_sni is set
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ fallback_sni: "a.test2.com"
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+location /t {
Review comment:
ignore this, it was there the last time I saw it, but it's not there now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on a change in pull request #5000: feat: allow configuring fallback SNI
Posted by GitBox <gi...@apache.org>.
spacewander commented on a change in pull request #5000:
URL: https://github.com/apache/apisix/pull/5000#discussion_r703365195
##########
File path: t/router/radixtree-sni2.t
##########
@@ -354,3 +354,47 @@ failed to do SSL handshake: handshake failed
failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol
--- no_error_log
[alert]
+
+
+
+=== TEST 9: client request without sni, but fallback_sni is set
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ fallback_sni: "a.test2.com"
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+location /t {
Review comment:
? There is no `location /t { /t {`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander merged pull request #5000: feat: allow configuring fallback SNI
Posted by GitBox <gi...@apache.org>.
spacewander merged pull request #5000:
URL: https://github.com/apache/apisix/pull/5000
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on a change in pull request #5000: feat: allow configuring fallback SNI
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on a change in pull request #5000:
URL: https://github.com/apache/apisix/pull/5000#discussion_r703224188
##########
File path: t/router/radixtree-sni2.t
##########
@@ -354,3 +354,47 @@ failed to do SSL handshake: handshake failed
failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol
--- no_error_log
[alert]
+
+
+
+=== TEST 9: client request without sni, but fallback_sni is set
+--- yaml_config
+apisix:
+ node_listen: 1984
+ ssl:
+ fallback_sni: "a.test2.com"
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+location /t {
Review comment:
What is the `location /t { /t {` style, it looks so strange, all the following ones are this repeated nested layer.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org