-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: improve wildcard matching #11921
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
ggreenway
reviewed
Jul 7, 2020
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a negative-wildcard match test using both matchSubjectAltName()
and verifySubjectAltName()
?
yanavlasov
previously approved these changes
Jul 7, 2020
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
ggreenway
previously approved these changes
Jul 7, 2020
ggreenway
approved these changes
Jul 7, 2020
PiotrSikora
approved these changes
Jul 7, 2020
/backport |
repokitteh-read-only
bot
added
the
backport/review
Request to backport to stable releases
label
Jul 7, 2020
PiotrSikora
added
backport/approved
Approved backports to stable releases
and removed
backport/review
Request to backport to stable releases
labels
Jul 7, 2020
PiotrSikora
pushed a commit
to PiotrSikora/envoy
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora
pushed a commit
to PiotrSikora/envoy
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora
pushed a commit
to PiotrSikora/envoy
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora
added a commit
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora
added a commit
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora
added a commit
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino
pushed a commit
to duderino/envoy
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino
pushed a commit
to duderino/envoy
that referenced
this pull request
Jul 7, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
istio-testing
pushed a commit
to istio/envoy
that referenced
this pull request
Jul 8, 2020
…231) Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com> Co-authored-by: Piotr Sikora <piotrsikora@google.com>
duderino
pushed a commit
to duderino/envoy
that referenced
this pull request
Jul 8, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino
pushed a commit
to duderino/envoy
that referenced
this pull request
Jul 8, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino
pushed a commit
to duderino/envoy
that referenced
this pull request
Jul 8, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com>
istio-testing
pushed a commit
to istio/envoy
that referenced
this pull request
Jul 8, 2020
…232) Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com> Co-authored-by: Piotr Sikora <piotrsikora@google.com>
istio-testing
pushed a commit
to istio/envoy
that referenced
this pull request
Jul 8, 2020
…233) Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com> Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Piotr Sikora <piotrsikora@google.com> Co-authored-by: Piotr Sikora <piotrsikora@google.com>
duderino
added a commit
to duderino/proxy
that referenced
this pull request
Jul 8, 2020
duderino
added a commit
to duderino/proxy
that referenced
this pull request
Jul 8, 2020
istio-testing
pushed a commit
to istio/proxy
that referenced
this pull request
Jul 8, 2020
duderino
pushed a commit
to istio/proxy
that referenced
this pull request
Jul 8, 2020
duderino
added a commit
to duderino/istio
that referenced
this pull request
Jul 8, 2020
duderino
added a commit
to duderino/istio
that referenced
this pull request
Jul 8, 2020
istio-testing
pushed a commit
to istio/istio
that referenced
this pull request
Jul 8, 2020
istio-testing
pushed a commit
to istio/istio
that referenced
this pull request
Jul 8, 2020
scheler
pushed a commit
to scheler/envoy
that referenced
this pull request
Aug 4, 2020
Patching in 11885 with runtime guards and release notes Risk Level: Medium (changes to cert matching) Testing: new unit test Docs Changes: n/a Release Notes: inline Runtime guard: envoy.reloadable_features.fix_wildcard_matching Co-authored-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com Signed-off-by: Alyssa Wilk alyssar@chromium.org Signed-off-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: scheler <santosh.cheler@appdynamics.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Patching in 11885 with runtime guards and release notes
Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching
Co-authored-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com
Signed-off-by: Alyssa Wilk alyssar@chromium.org
Signed-off-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com