tls: Add support for matching against OtherName SAN type #34471
ggreenway merged 24 commits into envoyproxy:main from
Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com>
Hi @arulthileeban, welcome and thank you for your contribution. We will try to review your Pull Request as quickly as possible. In the meantime, please take a look at the contribution guidelines if you have not done so already.
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to
/retest
Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com>
mattklein123 left a comment
High level question to get started, thanks.
/wait
Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com>
/lgtm api
Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com>
ggreenway left a comment
I think this looks good.
I was thinking about the question of validating the type specifically or not, and I think it is probably ok not to because you are validating against a specific OID, and I think that is sufficient.
There's a merge conflict with the changelog; please merge main and fix the conflict.
/wait
Signed-off-by: Arul Thileeban Sagayam <arulthileeban@vt.edu>
Thanks for the review @ggreenway. Fixed the conflict and updated the branch.
You have spelling failures in the format check; you can put backticks around words in comments to exclude them from spellcheck |
Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com>
Thanks. Updated it.
ggreenway left a comment
Sorry, one more fix: can you add test coverage for V_ASN1_BMPSTRING? I was looking at the coverage report (https://storage.googleapis.com/envoy-pr/868779a/coverage/source/common/tls/utility.cc.gcov.html) and that case is missed.
/wait
Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com>
My bad. I missed that one. Added the change required.
Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com>
Head branch was pushed to by a user without write access
…34471) In the current SAN matcher, only DNS, URI, IP, EMAIL types are supported. This change adds support to match against OtherName. A new config field oid is added which helps define the type of OtherName SAN envoy needs to match against. Signed-off-by: Arul Thileeban Sagayam <arul.thilee@gmail.com> Signed-off-by: Fernando Cainelli <fernando.cainelli-external@getyourguide.com>
Commit Message: tls: Add support for matching against OtherName SAN type
In the current SAN matcher, only DNS, URI, IP, EMAIL types are supported. This change adds support to match against OtherName. A new config field `oid` is added which helps define the type of OtherName SAN Envoy needs to match against.
Risk Level: Low
Testing: Unit Testing
Docs Changes: Added
Release Notes: Added
Fixes #34358
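The matching described in this PR, as an added Python sketch (not Envoy's C++ implementation and not code from the PR): it walks a DER-encoded subjectAltName value, selects OtherName entries whose type-id equals the configured OID, and decodes the value whichever string type it carries, including BMPString. The sample bytes, the OID values and all function names are constructed for illustration.

```python
# Added illustration, not Envoy code: match OtherName SANs by type-id OID (stdlib only).
DECODERS = {0x0C: "utf-8", 0x16: "ascii", 0x1E: "utf-16-be"}  # UTF8String, IA5String, BMPString (UCS-2)

def read_tlv(buf, pos):  # -> (tag, content, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):  # OBJECT IDENTIFIER content bytes -> dotted decimal
    arcs, val = [], 0
    for b in content:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def other_name_values(san_der, wanted_oid):  # strings of OtherNames typed wanted_oid
    tag, names, _ = read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:  # only [0] otherName; dNSName, URI, ... are skipped
            continue
        t, oid, nxt = read_tlv(body, 0)
        if t == 0x06 and decode_oid(oid) == wanted_oid:
            t, wrapped, _ = read_tlv(body, nxt)  # value is wrapped in [0] EXPLICIT
            vtag, raw, _ = read_tlv(wrapped, 0)
            if t == 0xA0 and vtag in DECODERS:
                found.append(raw.decode(DECODERS[vtag]))
    return found

def tlv(tag, content):  # sample builder, short-form lengths only
    return bytes([tag, len(content)]) + content
# Constructed sample: a dNSName plus two OtherNames under different OIDs.
UPN_OID = "1.3.6.1.4.1.311.20.2.3"  # sample type-id (Microsoft UPN)
UPN = tlv(0x06, bytes.fromhex("2b060104018237140203")) + tlv(0xA0, tlv(0x0C, b"alice@example.test"))
BMP = tlv(0x06, bytes.fromhex("2a0304")) + tlv(0xA0, tlv(0x1E, "bob".encode("utf-16-be")))
SAMPLE_SAN = tlv(0x30, tlv(0x82, b"example.test") + tlv(0xA0, UPN) + tlv(0xA0, BMP))
```

A value is returned only for the OID asked for, so a string that appears under a different OtherName type or as a dNSName never satisfies the match.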