quic: fixing hostname consistency #20436
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
@RyanTheOptimist opened this as draft to check CI and I'm working on merge conflicts, but if you can take a look at the test changes and lmk if you want them split into their own PR, that'd be great.
(not that they're super major, but I tend to not like mixing functional changes and large test changes, and the test changes are borderline large)
RyanTheOptimist left a comment:
I think I'd be inclined to split the test changes out into their own PR. As you say, they are quite big. But I could live with them here in this PR.
| Quic::QuicStatNames& quic_stat_names_; | ||
| Stats::Scope& scope_; | ||
| // The origin for this pool. |
It might be nice to mention how this host's hostname might differ from the origin's hostname, and the semantics involved.
Upcoming #20436 fixes QUIC to use auto_sni when it's configured. The Envoy integration tests use auto_sni by default, but this causes problems for HTTP/3, which validates that the SNI hostname (currently "host" for most tests) matches the certificate (*.lyft.com for most tests). Changing the tests independently of the fix PR per request.
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
@ggreenway ping?
ggreenway left a comment:
LGTM, but CI is failing
/wait
Fixing hostname issues for upstream HTTP/3.
Consistently using correct SNI (configured or auto) as server ID and alt-svc origin everywhere.
This also unfortunately required tweaking a LOT of integration tests, as it meant the hostname for SNI was pulled from host headers (as we auto-sni by default in integration tests) and HTTP/3 validates that hostname against the certs (test certs are for "foo.lyft.com" but default host for request headers was "host").
Risk Level: Low (upstream HTTP/3)
Testing: fixed a lot of integration tests.
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
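
The test failure mode described above, as an added example that is not Envoy's code or part of this PR: once SNI is derived from the request's host header, the default test host "host" no longer matches a certificate issued for *.lyft.com. The function names, the precedence of auto SNI over a configured SNI, and the simplified one-label wildcard rule are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Hypothetical helper: lower-case a DNS name for case-insensitive comparison.
static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return s;
}

// Assumed precedence: with auto SNI on, the request's Host/:authority value
// (port stripped) is used; otherwise the statically configured SNI.
// Bracketed IPv6 literals are not handled in this sketch.
std::string effectiveSni(const std::string& configured_sni, bool auto_sni,
                         const std::string& host_header) {
  if (!auto_sni || host_header.empty()) return lower(configured_sni);
  return lower(host_header.substr(0, host_header.find(':')));
}

// Match one certificate DNS name against the SNI. A leading "*." covers
// exactly one left-most label, so "*.lyft.com" matches "foo.lyft.com" but
// not "lyft.com", "a.b.lyft.com" or "host".
bool sanMatches(const std::string& san_in, const std::string& sni_in) {
  const std::string san = lower(san_in);
  const std::string sni = lower(sni_in);
  if (san.rfind("*.", 0) != 0) return san == sni;
  const std::string suffix = san.substr(1);  // e.g. ".lyft.com"
  if (sni.size() <= suffix.size()) return false;
  const std::size_t label_len = sni.size() - suffix.size();
  return sni.compare(label_len, suffix.size(), suffix) == 0 &&
         sni.find('.') == label_len;
}

// True when any name in the certificate (constructed sample list supplied by
// the caller) covers the SNI that will be sent upstream.
bool upstreamCertAccepts(const std::vector<std::string>& sans,
                         const std::string& sni) {
  return std::any_of(sans.begin(), sans.end(),
                     [&](const std::string& s) { return sanMatches(s, sni); });
}
```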