backport to 1.16: tls: fix detection of the upstream connection close event. (#13858) by cpakulski · Pull Request #14452 · envoyproxy/envoy

cpakulski · 2020-12-16T21:38:36Z

Commit Message:
backport to 1.16: tls: fix detection of the upstream connection close event. (#13858)

Fixes #13856.

cpakulski · 2020-12-17T22:10:12Z

/retest

repokitteh-read-only · 2020-12-17T22:10:17Z

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

antoniovicente

Can you comment about the need to pull in changes in #13702 as part of this PR?

Backport of these changes looks good.

cpakulski · 2020-12-18T15:38:25Z

Explanation why #13702 was cherry-picked:

The new tests added for this fix use certificates and keys from a new directory, which was not present in 1.16:

{{ test_rundir }}/test/extensions/transport_sockets/tls/test_data/unittest_cert.pem
{{ test_rundir }}/test/extensions/transport_sockets/tls/test_data/unittest_key.pem
{{ test_rundir }}/test/extensions/transport_sockets/tls/test_data/ca_certificates.pem

This probably could be solved by referring to those *.pem files in other way, but given that 1.16 will be maintained for at least 4 quarters, this is probably the best way to avoid future backport conflicts.

antoniovicente · 2020-12-22T21:52:59Z

I was about to merge but I see a conflict in docs/root/version_history/current.rst

Could you merge in the changes to the branch?

…y#13858) Fixes envoyproxy#13856. Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Signed-off-by: Taylor Barrella <tabarr@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* test: Check in all TLS test certs - Will prevent openssl fork-emulation issues on Windows/msys2 that cause test flakiness - modifies context_impl_test to no longer requires a cert that is generated on the fly to expire in 15 days Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

cpakulski · 2020-12-23T00:42:32Z

/retest

repokitteh-read-only · 2020-12-23T00:42:36Z

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

cpakulski · 2020-12-23T01:30:46Z

/retest

repokitteh-read-only · 2020-12-23T01:30:50Z

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

antoniovicente · 2020-12-23T03:34:39Z

/retest

antoniovicente · 2020-12-23T03:35:17Z

/retest

repokitteh-read-only · 2020-12-23T03:35:21Z

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @antoniovicente.

see: more, trace.

cpakulski · 2020-12-23T15:26:49Z

/retest

repokitteh-read-only · 2020-12-23T15:26:53Z

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

antoniovicente

macos CI issue seems infrastructure related, merging.

* backport to 1.16: http: fixing a bug with IPv6 hosts (envoyproxy#14238) Fixing a bug where HTTP parser offsets for IPv6 hosts did not include [] and Envoy assumed it did. This results in mis-parsing addresses for IPv6 CONNECT requests and IPv6 hosts in fully URLs over HTTP/1.1 Risk Level: low Testing: new unit, integration tests Docs Changes: n/a Release Notes: inline Signed-off-by: Shikugawa <rei@tetrate.io> Co-authored-by: alyssawilk <alyssar@chromium.org> * backport to 1.16: vrp: allow supervisord to open its log file (envoyproxy#14066) (envoyproxy#14279) Commit Message: Allow supervisord to open its log file Additional Description: Change the default location of the log file and give supervisord permissions to write to it. Risk Level: low Testing: built image locally Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> * Closing release 1.16.2. (envoyproxy#14308) Signed-off-by: Christoph Pakulski <christoph@tetrate.io> * Kick-off rel 1.16.3. (envoyproxy#14321) Signed-off-by: Christoph Pakulski <christoph@tetrate.io> * lua: reset downstream_ssl_connection in StreamInfoWrapper when object is marked dead by Lua GC (envoyproxy#14092) (envoyproxy#14449) Co-authored-by: Marcin Falkowski <marcin.falkowski@allegro.pl> * backport to 1.16: tls: fix detection of the upstream connection close event. (envoyproxy#13858) (envoyproxy#14452) Fixes envoyproxy#13856. This change also contains the following backports: - build: Fix some unused variable warnings (envoyproxy#13987) - test: Check in all TLS test certs (envoyproxy#13702) Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> * backport to 1.16: aggregate cluster: fix TLS init issue (envoyproxy#14456) Additional Description: Based on envoyproxy#14388 Risk Level: Low Testing: Build and run the repro from envoyproxy#14119 without crashing, `bazel test test/extensions/clusters/aggregate:cluster_test` Docs Changes: N/A Release Notes: envoyproxy#14119 Signed-off-by: Taylor Barrella <tabarr@google.com> Co-authored-by: Rei Shimizu <rei@tetrate.io> Co-authored-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: Marcin Falkowski <marcin.falkowski@allegro.pl>

alyssawilk assigned antoniovicente Dec 17, 2020

cpakulski marked this pull request as ready for review December 17, 2020 23:31

cpakulski requested review from PiotrSikora and lizan as code owners December 17, 2020 23:31

antoniovicente approved these changes Dec 18, 2020

View reviewed changes

antoniovicente approved these changes Dec 21, 2020

View reviewed changes

cpakulski force-pushed the rel1.16/13858 branch from b09e1ce to 7714f10 Compare December 22, 2020 22:17

PiotrSikora and others added 5 commits December 22, 2020 22:40

tls: fix detection of the upstream connection close event. (envoyprox…

cb24f99

…y#13858) Fixes envoyproxy#13856. Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Corrected release notes.

99484c6

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

build: Fix some unused variable warnings (envoyproxy#13987)

43c8a2d

Signed-off-by: Taylor Barrella <tabarr@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Corrected release notes.

b649f13

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

cpakulski force-pushed the rel1.16/13858 branch from 7714f10 to b649f13 Compare December 22, 2020 22:49

antoniovicente approved these changes Dec 29, 2020

View reviewed changes

antoniovicente merged commit 15f02f0 into envoyproxy:release/v1.16 Dec 29, 2020

cpakulski deleted the rel1.16/13858 branch January 5, 2021 19:43

Conversation

cpakulski commented Dec 16, 2020

Uh oh!

cpakulski commented Dec 17, 2020

Uh oh!

repokitteh-read-only bot commented Dec 17, 2020

Uh oh!

antoniovicente left a comment

Choose a reason for hiding this comment

Uh oh!

cpakulski commented Dec 18, 2020

Uh oh!

antoniovicente commented Dec 22, 2020

Uh oh!

cpakulski commented Dec 23, 2020

Uh oh!

repokitteh-read-only bot commented Dec 23, 2020

Uh oh!

cpakulski commented Dec 23, 2020

Uh oh!

repokitteh-read-only bot commented Dec 23, 2020

Uh oh!

antoniovicente commented Dec 23, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

antoniovicente commented Dec 23, 2020

Uh oh!

repokitteh-read-only bot commented Dec 23, 2020

Uh oh!

cpakulski commented Dec 23, 2020

Uh oh!

repokitteh-read-only bot commented Dec 23, 2020

Uh oh!

antoniovicente left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

antoniovicente commented Dec 23, 2020 •

edited

Loading