tls: fix daysUntilFirstCertExpires#20581
Conversation
|
Another issue is that should we return a negative number for the day until first expired since it already expired? |
|
I feel that a real negative number is useless, just |
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
adisuissa
left a comment
There was a problem hiding this comment.
Thanks for fixing the bug!
source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc
Outdated
Show resolved
Hide resolved
|
/wait for modifying |
|
/retest |
|
Retrying Azure Pipelines: |
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
adisuissa
left a comment
There was a problem hiding this comment.
Thanks for fixing this.
source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc
Outdated
Show resolved
Hide resolved
|
another nit: you can use |
Signed-off-by: Loong Dai <loong.dai@intel.com>
|
@adisuissa thanks for your review, I have updated all. |
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
I expect that's to do with your change. Not sure if the limit is in our code or a library. |
|
It may be related to the that I change INT_MAX to SIZE_MAX. |
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc
Outdated
Show resolved
Hide resolved
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
| * @return the number of days till this certificate is valid, the value is set when not expired. | ||
| */ | ||
| absl::optional<int32_t> getDaysUntilExpiration(const X509* cert, TimeSource& time_source); | ||
| absl::optional<size_t> getDaysUntilExpiration(const X509* cert, TimeSource& time_source); |
There was a problem hiding this comment.
I think we should use uint32_t here as well?
|
@zuercher please review again. |
zuercher
left a comment
There was a problem hiding this comment.
Looks good. Let's add release notes indicating the change and then we can merge.
Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai <loong.dai@intel.com>
|
I suspect there's an issue in this PR. Can we roll this back or quickly scrutinize it for unchecked accesses to optional values? |
|
Yan just pointed out #21428 to me, thanks. I don't think we need a revert -- we can deal with this locally for now and wait for the proper fix in flight. |
The root cause is that size_t is unsigned, and can thus only express positive numbers. Risk Level: low Testing: unit tests updated Docs Changes: n/a Release Notes: added Fixes envoyproxy#20573 Signed-off-by: Loong Dai <loong.dai@intel.com>
Signed-off-by: Loong Dai loong.dai@intel.com
Commit Message: The root cause is that size_t is unsigned, and can thus only express positive numbers.
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA] #20573
[Optional Deprecated:]
[Optional API Considerations:]