You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/08/30 09:14:38 UTC

[GitHub] [apisix] caiwenhao opened a new pull request, #7820: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

caiwenhao opened a new pull request, #7820:
URL: https://github.com/apache/apisix/pull/7820

   场景： ssl for saas业务场景下，网关层不配置证书，https请求在CF层拦截。CF回源到网关层，使用默认的证书。只要证书在有效期，CF会忽略证书域名的检查。目前的问题是， apisix  sni无法匹配证书的时直接终止了。
   
   期望： apisix  sni无法匹配证书的时候，使用默认证书，使请求可以进行下去。


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

tokers commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1231459904

   Does the `fallback_sni` satisfy your need?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] github-actions[bot] commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1373423860

   This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] github-actions[bot] closed pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

github-actions[bot] closed pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止
URL: https://github.com/apache/apisix/pull/7820


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1231507931

   I do not accept this violent modification. You can keep this modification in your version and do not feed it back upstream.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] exfly commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

exfly commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1272740519

   Very urgent feature, is it possible to add a feat flag to choose whether to enable this feature?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

tokers commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1273008603

   > Very urgent feature, is it possible to add a feat flag to choose whether to enable this feature?
   
   Try to describe your design elaborately and let's discuss it. Or if it's quite emergent, hack APISIX by yourself.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] soulbird commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

soulbird commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1232352532

   Like you said, this change applies in the ssl for saas scenario. As a general API gateway, APISIX introduces this change, which will increase security risks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] caiwenhao commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

caiwenhao commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1231475027

   > 
   fallback_sni无法满足需求，SNI 并不为空。
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] github-actions[bot] commented on pull request #7820: change: sni无法匹配ssl证书的时候，使用默认证书，而不是错误终止

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on PR #7820:
URL: https://github.com/apache/apisix/pull/7820#issuecomment-1344102656

   This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org