You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by gtenev <gi...@git.apache.org> on 2016/08/02 18:44:40 UTC

[GitHub] trafficserver pull request #837: TS-4706 Truncated SNI name during escalatio...

GitHub user gtenev opened a pull request:

    https://github.com/apache/trafficserver/pull/837

    TS-4706 Truncated SNI name during escalation

    A fix for a problem with SSL hostname verification failing due to truncated SNI name.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/gtenev/trafficserver TS-4706

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/837.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #837
    
----
commit 4d02d0e877e24b1dc94948c236462417bdd9bbf0
Author: Gancho Tenev <gt...@gmail.com>
Date:   2016-07-29T23:39:44Z

    TS-4706 Truncated SNI name during escalation
    
    SSL hostname verification failing due to truncated SNI name.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #837: TS-4706 Truncated SNI name during escalation

Posted by zwoop <gi...@git.apache.org>.

Github user zwoop commented on the issue:

    https://github.com/apache/trafficserver/pull/837
  
    I'm generally ok with this for the immediate fixage. My only concern here is that there's now an invariant (it seems) between the client and server HttpHdr, where the caches should be invalidated together for both. That sort of feels like it then could be lifted up in the stack a bit maybe, or at least assertion that the invariant is never broken again.
    
    Alternatively, if there's improvements that can be done here (later) such that the invalidation can be disjoint again, safely, for better performance etc., that'd be cool too. Maybe file a separate lira for this cleanup for later?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #837: TS-4706 Truncated SNI name during escalation

Posted by atsci <gi...@git.apache.org>.

Github user atsci commented on the issue:

    https://github.com/apache/trafficserver/pull/837
  
    FreeBSD build *successful*! See https://ci.trafficserver.apache.org/job/Github-FreeBSD/501/ for details.
     



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #837: TS-4706 Truncated SNI name during escalation

Posted by zwoop <gi...@git.apache.org>.

Github user zwoop commented on the issue:

    https://github.com/apache/trafficserver/pull/837
  
    :+1:


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #837: TS-4706 Truncated SNI name during escalation

Posted by gtenev <gi...@git.apache.org>.

Github user gtenev commented on the issue:

    https://github.com/apache/trafficserver/pull/837
  
    @zwoop thanks for reviewing! 
    
    As far as can tell the escalate plugin was implemented later then the HttpHdr caching and the caching implementation does not support its use-case well. The reason we started noticing the truncated/garbage name problems is that SSL handshake changed (got stricter) 
    
    This fix is meant to solve the immediate problem of having `t_state.hdr_info.server_request` cache not being invalidated after the escalate plugin called `TSHttpTxnRedirectUrlSet()` to retry the request to a secondary origin after the primary origin failed.
    
    This code change would invalidate (only invalidate) client request and server request `HttpHdr` at the same time only during `HttpSM::redirect_request()`, the caching state of the 2 objects would not necessarily be kept (or assumed to be) in sync (client request and server request HttpHdr were not meant to be invariant).
    
    Filed Jira: [TS-4712](https://issues.apache.org/jira/browse/TS-4712) to look into the `HttpHdr` caching use-cases and verify the HttpHdr caching functionality.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #837: TS-4706 Truncated SNI name during escalation

Posted by zwoop <gi...@git.apache.org>.

Github user zwoop commented on the issue:

    https://github.com/apache/trafficserver/pull/837
  
    [approve ci]


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #837: TS-4706 Truncated SNI name during escalation

Posted by atsci <gi...@git.apache.org>.

Github user atsci commented on the issue:

    https://github.com/apache/trafficserver/pull/837
  
    Linux build *successful*! See https://ci.trafficserver.apache.org/job/Github-Linux/398/ for details.
     



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver pull request #837: TS-4706 Truncated SNI name during escalatio...

Posted by zwoop <gi...@git.apache.org>.

Github user zwoop closed the pull request at:

    https://github.com/apache/trafficserver/pull/837


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---