Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: improve wildcard matching #11921

Merged
merged 3 commits into from
Jul 7, 2020
Merged

tls: improve wildcard matching #11921

merged 3 commits into from
Jul 7, 2020

Conversation

alyssawilk
Copy link
Contributor

Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Co-authored-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com
Signed-off-by: Alyssa Wilk alyssar@chromium.org
Signed-off-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com

@alyssawilk
Patching in 11885 with runtime guards and release notes
223fba5 
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
ggreenway
ggreenway reviewed Jul 7, 2020
View reviewed changes
Copy link
Contributor

@ggreenway ggreenway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a negative-wildcard match test using both matchSubjectAltName() and verifySubjectAltName()?

yanavlasov
yanavlasov previously approved these changes Jul 7, 2020
View reviewed changes
@alyssawilk
more testS
18bd09f 
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
ggreenway
ggreenway previously approved these changes Jul 7, 2020
View reviewed changes
@alyssawilk
incompat
4f35b03 
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
@alyssawilk alyssawilk merged commit 7a1f2bc into envoyproxy:master Jul 7, 2020
@PiotrSikora
Copy link
Contributor

/backport

@repokitteh-read-only repokitteh-read-only bot added the backport/review Request to backport to stable releases label Jul 7, 2020
@PiotrSikora PiotrSikora added backport/approved Approved backports to stable releases and removed backport/review Request to backport to stable releases labels Jul 7, 2020
@ggreenway ggreenway mentioned this pull request Jul 7, 2020
Closed
PiotrSikora pushed a commit to PiotrSikora/envoy that referenced this pull request Jul 7, 2020
@alyssawilk @PiotrSikora
tls: improve wildcard matching (envoyproxy#11921)
e3ca1a7 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora pushed a commit to PiotrSikora/envoy that referenced this pull request Jul 7, 2020
@alyssawilk @PiotrSikora
tls: improve wildcard matching (envoyproxy#11921)
bdb1137 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora pushed a commit to PiotrSikora/envoy that referenced this pull request Jul 7, 2020
@alyssawilk @PiotrSikora
tls: improve wildcard matching (envoyproxy#11921)
25f54f0 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora added a commit that referenced this pull request Jul 7, 2020
@PiotrSikora
tls: improve wildcard matching (#11921) (#11927)
b2ffdd8 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora added a commit that referenced this pull request Jul 7, 2020
@PiotrSikora
tls: improve wildcard matching (#11921) (#11928)
74c2217 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora added a commit that referenced this pull request Jul 7, 2020
@PiotrSikora
tls: improve wildcard matching (#11921) (#11929)
923c411 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino pushed a commit to duderino/envoy that referenced this pull request Jul 7, 2020
@alyssawilk @duderino
tls: improve wildcard matching (envoyproxy#11921)
6e84f6d 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino pushed a commit to duderino/envoy that referenced this pull request Jul 7, 2020
@PiotrSikora @duderino
tls: improve wildcard matching (envoyproxy#11921) (envoyproxy#11927)
e6de5c8 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
istio-testing pushed a commit to istio/envoy that referenced this pull request Jul 8, 2020
@PiotrSikora
tls: improve wildcard matching (envoyproxy#11921) (envoyproxy#11927) (#…
273c0b9 
…231)

Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Co-authored-by: Piotr Sikora <piotrsikora@google.com>
duderino pushed a commit to duderino/envoy that referenced this pull request Jul 8, 2020
@PiotrSikora @duderino
tls: improve wildcard matching (envoyproxy#11921) (envoyproxy#11927)
b0dc1c4 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino pushed a commit to duderino/envoy that referenced this pull request Jul 8, 2020
@PiotrSikora @duderino
tls: improve wildcard matching (envoyproxy#11921) (envoyproxy#11928)
eac011b 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
duderino pushed a commit to duderino/envoy that referenced this pull request Jul 8, 2020
@PiotrSikora @duderino
tls: improve wildcard matching (envoyproxy#11921) (envoyproxy#11929)
855061c 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
istio-testing pushed a commit to istio/envoy that referenced this pull request Jul 8, 2020
@PiotrSikora
tls: improve wildcard matching (envoyproxy#11921) (envoyproxy#11928) (#…
bc117b4 
…232)

Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Co-authored-by: Piotr Sikora <piotrsikora@google.com>
istio-testing pushed a commit to istio/envoy that referenced this pull request Jul 8, 2020
@PiotrSikora
tls: improve wildcard matching (envoyproxy#11921) (envoyproxy#11929) (#…
f68ec04 
…233)

Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Co-authored-by: Piotr Sikora <piotrsikora@google.com>
duderino added a commit to duderino/proxy that referenced this pull request Jul 8, 2020
@duderino
Update Envoy to pull in envoyproxy/envoy#11921
62eecff
duderino added a commit to duderino/proxy that referenced this pull request Jul 8, 2020
@duderino
Update Envoy to pull in envoyproxy/envoy#11921
fd9a01e
istio-testing pushed a commit to istio/proxy that referenced this pull request Jul 8, 2020
Update Envoy to pull in envoyproxy/envoy#11921 (#2899)
a20ed1b
duderino pushed a commit to istio/proxy that referenced this pull request Jul 8, 2020
Update Envoy to pull in envoyproxy/envoy#11921 (#2900)
5a93703
duderino added a commit to duderino/istio that referenced this pull request Jul 8, 2020
@duderino
Update proxy to pull in envoyproxy/envoy#11921
4ece48d
duderino added a commit to duderino/istio that referenced this pull request Jul 8, 2020
@duderino
Update proxy to pull in envoyproxy/envoy#11921
bcc07c0
istio-testing pushed a commit to istio/istio that referenced this pull request Jul 8, 2020
Update proxy to pull in envoyproxy/envoy#11921 (#25321)
f508fdd
istio-testing pushed a commit to istio/istio that referenced this pull request Jul 8, 2020
Update proxy to pull in envoyproxy/envoy#11921 (#25322)
cbbdc85
scheler pushed a commit to scheler/envoy that referenced this pull request Aug 4, 2020
@alyssawilk
tls: improve wildcard matching (envoyproxy#11921)
6ddad5d 
Patching in 11885 with runtime guards and release notes

Risk Level: Medium (changes to cert matching)
Testing: new unit test
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.fix_wildcard_matching

Co-authored-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com
Signed-off-by: Alyssa Wilk alyssar@chromium.org
Signed-off-by: Yann Soubeyrand yann.soubeyrand@camptocamp.com
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: scheler <santosh.cheler@appdynamics.com>
@alyssawilk alyssawilk deleted the ssl branch October 26, 2020 21:16
@mattklein123 mattklein123 mentioned this pull request Jan 11, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PiotrSikora PiotrSikora PiotrSikora approved these changes

@ggreenway ggreenway ggreenway approved these changes

@yanavlasov yanavlasov yanavlasov left review comments

@lizan lizan Awaiting requested review from lizan

Assignees

@ggreenway ggreenway

Labels
backport/approved Approved backports to stable releases
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alyssawilk @PiotrSikora @yanavlasov @ggreenway