Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backport to 1.16: tls: fix detection of the upstream connection close event. (#13858) #14452

Merged
merged 5 commits into from
Dec 29, 2020
Merged

backport to 1.16: tls: fix detection of the upstream connection close event. (#13858) #14452

merged 5 commits into from
Dec 29, 2020

Conversation

cpakulski
Copy link
Contributor

Commit Message:
backport to 1.16: tls: fix detection of the upstream connection close event. (#13858)

Fixes #13856.

@cpakulski
Copy link
Contributor Author

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

@cpakulski cpakulski marked this pull request as ready for review December 17, 2020 23:31
antoniovicente
antoniovicente approved these changes Dec 18, 2020
View reviewed changes
Copy link
Contributor

@antoniovicente antoniovicente left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you comment about the need to pull in changes in #13702 as part of this PR?

Backport of these changes looks good.

@cpakulski
Copy link
Contributor Author

Explanation why #13702 was cherry-picked:

The new tests added for this fix use certificates and keys from a new directory, which was not present in 1.16:

{{ test_rundir }}/test/extensions/transport_sockets/tls/test_data/unittest_cert.pem
{{ test_rundir }}/test/extensions/transport_sockets/tls/test_data/unittest_key.pem
{{ test_rundir }}/test/extensions/transport_sockets/tls/test_data/ca_certificates.pem

This probably could be solved by referring to those *.pem files in other way, but given that 1.16 will be maintained for at least 4 quarters, this is probably the best way to avoid future backport conflicts.

@antoniovicente
Copy link
Contributor

I was about to merge but I see a conflict in docs/root/version_history/current.rst

Could you merge in the changes to the branch?

PiotrSikora and others added 5 commits December 22, 2020 22:40
@PiotrSikora @cpakulski
tls: fix detection of the upstream connection close event. (envoyprox…
cb24f99 
…y#13858)

Fixes envoyproxy#13856.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@cpakulski
Corrected release notes.
99484c6 
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@tbarrella @cpakulski
build: Fix some unused variable warnings (envoyproxy#13987)
43c8a2d 
Signed-off-by: Taylor Barrella <tabarr@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@sunjayBhatia @cpakulski
test: Check in all TLS test certs (envoyproxy#13702)
2d39d82 
* test: Check in all TLS test certs

- Will prevent openssl fork-emulation issues on Windows/msys2 that cause
  test flakiness
- modifies context_impl_test to no longer requires a cert that is
  generated on the fly to expire in 15 days

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@cpakulski
Corrected release notes.
b649f13 
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@cpakulski
Copy link
Contributor Author

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

@cpakulski
Copy link
Contributor Author

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

@antoniovicente
Copy link
Contributor

antoniovicente commented Dec 23, 2020
edited
Loading

/retest

1 similar comment
@antoniovicente
Copy link
Contributor

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @antoniovicente.

see: more, trace.

@cpakulski
Copy link
Contributor Author

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #14452 (comment) was created by @cpakulski.

see: more, trace.

antoniovicente
antoniovicente approved these changes Dec 29, 2020
View reviewed changes
Copy link
Contributor

@antoniovicente antoniovicente left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

macos CI issue seems infrastructure related, merging.

@antoniovicente antoniovicente merged commit 15f02f0 into envoyproxy:release/v1.16 Dec 29, 2020
@cpakulski cpakulski deleted the rel1.16/13858 branch January 5, 2021 19:43
istio-testing pushed a commit to istio/envoy that referenced this pull request Feb 5, 2021
@tbarrella @Shikugawa
@cpakulski @MarcinFalkowski
Merge envoy/release/v1.16 into release-1.8 (#294)
5b0c5f7 
* backport to 1.16: http: fixing a bug with IPv6 hosts (envoyproxy#14238)

Fixing a bug where HTTP parser offsets for IPv6 hosts did not include [] and Envoy assumed it did.
This results in mis-parsing addresses for IPv6 CONNECT requests and IPv6 hosts in fully URLs over HTTP/1.1

Risk Level: low
Testing: new unit, integration tests
Docs Changes: n/a
Release Notes: inline
Signed-off-by: Shikugawa <rei@tetrate.io>
Co-authored-by: alyssawilk <alyssar@chromium.org>

* backport to 1.16: vrp: allow supervisord to open its log file (envoyproxy#14066) (envoyproxy#14279)

Commit Message: Allow supervisord to open its log file
Additional Description:
Change the default location of the log file and give supervisord
permissions to write to it.

Risk Level: low
Testing: built image locally
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a

Signed-off-by: Alex Konradi <akonradi@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* Closing release 1.16.2. (envoyproxy#14308)

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* Kick-off rel 1.16.3. (envoyproxy#14321)

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* lua: reset downstream_ssl_connection in StreamInfoWrapper when object is marked dead by Lua GC (envoyproxy#14092) (envoyproxy#14449)

Co-authored-by: Marcin Falkowski <marcin.falkowski@allegro.pl>

* backport to 1.16: tls: fix detection of the upstream connection close event. (envoyproxy#13858) (envoyproxy#14452)

Fixes envoyproxy#13856.

This change also contains the following backports:
- build: Fix some unused variable warnings (envoyproxy#13987)
- test: Check in all TLS test certs (envoyproxy#13702)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

* backport to 1.16: aggregate cluster: fix TLS init issue (envoyproxy#14456)

Additional Description: Based on envoyproxy#14388
Risk Level: Low
Testing: Build and run the repro from envoyproxy#14119 without crashing, `bazel test test/extensions/clusters/aggregate:cluster_test`
Docs Changes: N/A
Release Notes:
envoyproxy#14119

Signed-off-by: Taylor Barrella <tabarr@google.com>

Co-authored-by: Rei Shimizu <rei@tetrate.io>
Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Marcin Falkowski <marcin.falkowski@allegro.pl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antoniovicente antoniovicente antoniovicente approved these changes

@lizan lizan Awaiting requested review from lizan

@PiotrSikora PiotrSikora Awaiting requested review from PiotrSikora

Assignees

@antoniovicente antoniovicente

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cpakulski @antoniovicente @PiotrSikora @tbarrella @sunjayBhatia