You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/09/07 04:27:02 UTC

[GitHub] [apisix] spacewander opened a new pull request #5000: feat: allow configuring fallback SNI

spacewander opened a new pull request #5000:
URL: https://github.com/apache/apisix/pull/5000


   The fallback SNI works around cases that client doesn't send a SNI
   during handshake.
   By configuring a fallback SNI we can configure a fallback certificate
   with the current SSL APIs.
   Fix #3147
   
   Signed-off-by: spacewander <sp...@gmail.com>
   
   ### What this PR does / why we need it:
   <!--- Why is this change required? What problem does it solve? -->
   <!--- If it fixes an open issue, please link to the issue here. -->
   
   ### Pre-submission checklist:
   
   * [x] Did you explain what problem does this PR solve? Or what new features have been added?
   * [x] Have you added corresponding test cases?
   * [ ] Have you modified the corresponding document?
   * [x] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #5000: feat: allow configuring fallback SNI

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on a change in pull request #5000:
URL: https://github.com/apache/apisix/pull/5000#discussion_r703374775



##########
File path: t/router/radixtree-sni2.t
##########
@@ -354,3 +354,47 @@ failed to do SSL handshake: handshake failed
 failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol
 --- no_error_log
 [alert]
+
+
+
+=== TEST 9: client request without sni, but fallback_sni is set
+--- yaml_config
+apisix:
+  node_listen: 1984
+  ssl:
+    fallback_sni: "a.test2.com"
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+location /t {

Review comment:
       ignore this, it was there the last time I saw it, but it's not there now.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on a change in pull request #5000: feat: allow configuring fallback SNI

Posted by GitBox <gi...@apache.org>.

spacewander commented on a change in pull request #5000:
URL: https://github.com/apache/apisix/pull/5000#discussion_r703365195



##########
File path: t/router/radixtree-sni2.t
##########
@@ -354,3 +354,47 @@ failed to do SSL handshake: handshake failed
 failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol
 --- no_error_log
 [alert]
+
+
+
+=== TEST 9: client request without sni, but fallback_sni is set
+--- yaml_config
+apisix:
+  node_listen: 1984
+  ssl:
+    fallback_sni: "a.test2.com"
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+location /t {

Review comment:
       ? There is no `location /t { /t {`.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander merged pull request #5000: feat: allow configuring fallback SNI

Posted by GitBox <gi...@apache.org>.

spacewander merged pull request #5000:
URL: https://github.com/apache/apisix/pull/5000


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #5000: feat: allow configuring fallback SNI

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on a change in pull request #5000:
URL: https://github.com/apache/apisix/pull/5000#discussion_r703224188



##########
File path: t/router/radixtree-sni2.t
##########
@@ -354,3 +354,47 @@ failed to do SSL handshake: handshake failed
 failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol
 --- no_error_log
 [alert]
+
+
+
+=== TEST 9: client request without sni, but fallback_sni is set
+--- yaml_config
+apisix:
+  node_listen: 1984
+  ssl:
+    fallback_sni: "a.test2.com"
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+location /t {

Review comment:
       What is the `location /t { /t {` style, it looks so strange, all the following ones are this repeated nested layer.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org