You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2019/11/26 07:42:58 UTC
[GitHub] [incubator-apisix] FTwOoO opened a new issue #905: bug:
FTwOoO opened a new issue #905: bug:
URL: https://github.com/apache/incubator-apisix/issues/905
### Issue description
apisix/schema_def.lua: ssl scheme says that the cert maxLength=64*1024,
but when running, maxLength=4096
### Environment
* apisix version (cmd: `apisix version`): 0.8
* OS: docker image iresty/apisix:0.8-alpine
### Minimal test code / Steps to reproduce the issue
1.
```shell
curl -X POST \
http://127.0.0.1:10111/apisix/admin/ssl/ \
-H 'Accept: */*' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Length: 7172' \
-H 'Content-Type: application/json' \
-H 'Host: 127.0.0.1:10111' \
-H 'Postman-Token: 1c7758bf-ce89-4fa5-aa00-317207e75e54,ed9650ab-c3ee-4d08-8d5e-66b906122a76' \
-H 'User-Agent: PostmanRuntime/7.20.1' \
-H 'cache-control: no-cache' \
-d '{
"cert": "-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgIRALCKLYnmWJEGRScGI5ztVeQwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xOTExMjIwMDAwMDBaFw0yMDExMjEyMzU5NTlaMF0xITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEhMB8GA1UECxMYUG9zaXRpdmVTU0wgTXVs
dGktRG9tYWluMRUwEwYDVQQDEwxwdWhhbGl2ZS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDEKo1hbRAXdxW6zjtDub4Lv+brPrWqOPYg9GCKpu6s
ohxujkBxDbMiELgp04oT25IproScFWHhn8Gx/PbyYTfLQqin4L6gGi2SZTqkq0Bq
piLpvu9Pc+piWZ7XAgGXtRAKc7FljY5Tji76YQfgDr8ligWzbdS5PbZSjcvxsAmv
oPzd3oWfRqb4DnucYxXPKSEAb/wVoL/LF1Jk5QQDe4f5hJH74bSwI3X7CU/BcPs3
4bZjDS/qlMXKixZBv1IR7IgslONHj8bp5pfnN7+HCZg6Dpaj9LirhQ769cyVVeRV
7LEP25yMwnQxxMQ2uISYwt2RlA4/DZDPfZyAuSkp/TMhAgMBAAGjggKmMIICojAf
BgNVHSMEGDAWgBSNjF7EVK2K4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUHLrwdi6b
A/o/X4EHtLHXuPkyKhYwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGy
MQECAgcwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYG
Z4EMAQIBMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQu
c2VjdGlnby5jb20vU2VjdGlnb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2
ZXJDQS5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMEoG
A1UdEQRDMEGCDHB1aGFsaXZlLmNvbYILKi5wdWhhLmxpdmWCDioucHVoYWxpdmUu
Y29tghQqLnFpcGFpZGl5aXNoZXF1LmNvbTCCAQMGCisGAQQB1nkCBAIEgfQEgfEA
7wB1AAe3XBvlfWj/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABbpHsu4UAAAQD
AEYwRAIgA7X5DbuLrN2WIhKvrGUsote6idL99tgnwh50pZnUpSUCIGKJRlCqrzvl
k6EAD/NB7HduWGdMPNRd+xo5a/OIuwpyAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyE
oRIShBh1loFxRVgAAAFukey7bAAABAMARzBFAiAUq9/chKs9AiKF6VlZXAoe552l
6Q+rle/8hMr7Kz5KjAIhAOwfcl3aOWZqq9lns16ZIDVbB7/1i+kpreAlfQyV0QqJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBgYprCLCqTDlzs7G2nGJZ6GB59qcIBbkdRlIKg
t7aqpwvZnLS4CFQuGAHJtlo2zkEELD3PhZLMyVeGVxdyoyQa7hvPBAtOykfbqiDn
Gz0RToBJEUgs92mw1Armzg7+OouAhdTqmosateFUArgJyaGt1dh0My++QsQZzd30
aVez5dOqQoNKyr7iBosdB+61NcqQKh4JQvF2aLGeAUOJgP/0cQDdIk7Ak32SQrLJ
z1Lqru7S7BSji4DYf28RW1LQG8ruOIYuGbyB/drO1KAIBaz9uk0LAbN5Q6Vi1gfQ
SSiP9fqazeGDvPPdB5iFST9W89MTw4WmplSXv9uYXDD/RMiX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----",
"sni": "*.puhalive.com",
"key":"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEKo1hbRAXdxW6
zjtDub4Lv+brPrWqOPYg9GCKpu6sohxujkBxDbMiELgp04oT25IproScFWHhn8Gx
/PbyYTfLQqin4L6gGi2SZTqkq0BqpiLpvu9Pc+piWZ7XAgGXtRAKc7FljY5Tji76
YQfgDr8ligWzbdS5PbZSjcvxsAmvoPzd3oWfRqb4DnucYxXPKSEAb/wVoL/LF1Jk
5QQDe4f5hJH74bSwI3X7CU/BcPs34bZjDS/qlMXKixZBv1IR7IgslONHj8bp5pfn
N7+HCZg6Dpaj9LirhQ769cyVVeRV7LEP25yMwnQxxMQ2uISYwt2RlA4/DZDPfZyA
uSkp/TMhAgMBAAECggEAVuxEGZeqObua9VvNBwWXIL24JSV0eikjZxbicI3n1LdA
wfxmsbHQXpfqAx6pYIM7ER0zxbXz2XZg7e2Zv200u+ydr0X3MhpndydEBROdR6S2
c70Xba1/fnUX3U4WRpMEuJzrToSbPIsUZf3471+Zc5jlTcytJigiUhJi/IV0xU1Z
Vm4bZnPWTVkthRYq+C8EM3l008BYs8srDOFYVkBaH1sf/wy7uMqbJ9zeLfsyUes1
Zh82wEX+GDo8o8tvDFLAo/9MwoJ+LVpVfLqUPOLTf//15PAmlwZ6idYjf+KtA8Vb
yrFJpseLX8PNZhek3wOYu7P/0vuLtam7R3XO3iHswQKBgQD1Qz9Eu9k4NuTxZFMu
7DLe2e37vDHrCAxb0cq4IlNo55"
}'
```
2. info log
2019/11/26 07:35:44 [info] 24#24: *713 [lua] ssl.lua:29: check_conf(): schema: {"required":["sni","key","cert"],"properties":{"sni":{"pattern":"^\\*?[0-9a-zA-Z-.]+$","type":"string"},"cert":{"minLength":128,"maxLength":4096,"type":"string"},"key":{"minLength":128,"maxLength":4096,"type":"string"}},"additionalProperties":false,"type":"object"}, client: 127.0.0.1, server: , request: "POST /apisix/admin/ssl/ HTTP/1.1", host: "127.0.0.1:10111"
### What's the actual result? (including assertion message & call stack if applicable)
HTTP 400:
{"error_msg":"invalid configuration: invalid \"maxLength\" in docuement at pointer \"#\/cert\""}
### What's the expected result?
HTTP 200
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services