tls: fix daysUntilFirstCertExpires() return nil when expired by daixiang0 · Pull Request #21428 · envoyproxy/envoy

daixiang0 · 2022-05-25T00:51:41Z

Signed-off-by: Loong Dai loong.dai@intel.com

Add days_until_first_cert_expiring stat integration test to ensure no nil error.

Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

Signed-off-by: Loong Dai <loong.dai@intel.com>

mattklein123 · 2022-05-25T00:57:21Z

There is no point in using an optional if you are going to return 0. Please fix the broken callsite to handle the lack of a value and add a test. Thanks!

/wait

mattklein123

Thanks for fixing and add the test. Please check CI also.

/wait

test/config/integration/certs/expired_cert.pem

Signed-off-by: Loong Dai <loong.dai@intel.com>

daixiang0 · 2022-05-26T05:23:23Z

/retest

https://dev.azure.com/cncf/envoy/_build/results?buildId=109290&view=logs&j=8c169225-0ae8-53bd-947f-07cb81846cb5&t=6b0ace90-28b2-51d9-2951-b1fd35e67dec&l=5994

repokitteh-read-only · 2022-05-26T05:23:27Z

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #21428 (comment) was created by @daixiang0.

see: more, trace.

Signed-off-by: Loong Dai <loong.dai@intel.com>

mattklein123 · 2022-05-26T15:33:02Z

Please check CI

/wait

daixiang0 · 2022-05-27T01:08:41Z

https://dev.azure.com/cncf/envoy/_build/results?buildId=109369&view=logs&j=767be981-567e-57d8-68c3-2140ede0a0bd&t=1fb0b72f-6293-562d-a4d1-bb649223eaca&l=77

Server terminated abruptly

Do not know why server terminated abruptly, retest.

/retest

daixiang0 · 2022-05-27T04:06:38Z

@phlax seems something wrong with arm server:
https://dev.azure.com/cncf/envoy/_build/results?buildId=109369&view=logs&j=767be981-567e-57d8-68c3-2140ede0a0bd&t=1fb0b72f-6293-562d-a4d1-bb649223eaca&l=81

mattklein123 · 2022-05-27T20:28:45Z

/retest

repokitteh-read-only · 2022-05-27T20:28:49Z

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #21428 (comment) was created by @mattklein123.

see: more, trace.

mattklein123

Thanks, LGTM with small comments. Sorry for the CI problems I think they are fixed.

/wait

mattklein123 · 2022-05-27T20:48:41Z

test/config/integration/certs/expired_cert_hash.h

+// NOLINT(namespace-envoy)
+constexpr char TEST_EXPIRED__CERT_HASH[] = "FC:F7:07:14:C3:0D:B4:BE:0B:BF:23:9B:C2:09:DA:CD:54:66:"
+                                           "32:65:07:50:35:E8:D0:14:ED:D6:B1:96:A1:3C";


I think this is unused. Delete?

Now certs.sh will generate a hash file, not only here, but also in other tests, although some of the hash files are unused. Do we delete them as well?

OK I see, that's fine, thanks.

mattklein123 · 2022-05-27T20:49:12Z

test/config/integration/certs/servercert_info.h

+// NOLINT(namespace-envoy)
+constexpr char TEST_SERVER_CERT_HASH[] = "DC:E2:2B:65:90:43:9A:36:1C:8E:6D:CA:42:8A:8C:37:C7:A1:77:"
+                                         "00:5B:C1:3E:33:8A:B9:2D:04:2C:B1:3F:0A";
+constexpr char TEST_SERVER_CERT_NOT_BEFORE[] = "Apr 7 16:46:35 2022 GMT";
+constexpr char TEST_SERVER_CERT_NOT_AFTER[] = "Apr 6 16:46:35 2024 GMT";


Can you add comments on where this came from and how to regenerate it if needed?

All are generated by certs.h, refer to https://github.com/envoyproxy/envoy/blob/main/test/config/integration/certs/README.md, or I can update that script and add comments during generating.

mattklein123

Thanks!

…oxy#21428) Signed-off-by: Loong Dai <loong.dai@intel.com> Signed-off-by: Amila Senadheera <amila.15@cse.mrt.ac.lk>

daixiang0 requested review from ggreenway and lizan as code owners May 25, 2022 00:51

daixiang0 force-pushed the expried branch from 54fe148 to 4362d0d Compare May 25, 2022 00:52

tls: daysUntilFirstCertExpires() return 0 when expired

ae423df

Signed-off-by: Loong Dai <loong.dai@intel.com>

daixiang0 force-pushed the expried branch from 4362d0d to ae423df Compare May 25, 2022 00:53

mattklein123 self-assigned this May 25, 2022

repokitteh-read-only bot added waiting and removed waiting labels May 25, 2022

mattklein123 requested changes May 25, 2022

View reviewed changes

test/config/integration/certs/expired_cert.pem Outdated Show resolved Hide resolved

repokitteh-read-only bot added the waiting label May 25, 2022

mattklein123 mentioned this pull request May 25, 2022

tls: fix daysUntilFirstCertExpires #20581

Merged

daixiang0 added 3 commits May 26, 2022 08:51

use value_or() to skip nil error

641e9f8

Signed-off-by: Loong Dai <loong.dai@intel.com>

test: add days_until_first_cert_expiring stat integration test

44e206b

Signed-off-by: Loong Dai <loong.dai@intel.com>

update certs.sh

22f4204

Signed-off-by: Loong Dai <loong.dai@intel.com>

daixiang0 force-pushed the expried branch from 76e6863 to 22f4204 Compare May 26, 2022 01:06

repokitteh-read-only bot removed the waiting label May 26, 2022

add days to certs.sh

0d011bb

Signed-off-by: Loong Dai <loong.dai@intel.com>

fix CI

d8ddf2e

Signed-off-by: Loong Dai <loong.dai@intel.com>

repokitteh-read-only bot added the waiting label May 26, 2022

Merge branch 'main' into expried

e03c3a6

repokitteh-read-only bot removed the waiting label May 26, 2022

mattklein123 requested changes May 27, 2022

View reviewed changes

repokitteh-read-only bot added the waiting label May 27, 2022

mattklein123 approved these changes May 31, 2022

View reviewed changes

mattklein123 merged commit 006bbc3 into envoyproxy:main May 31, 2022

daixiang0 deleted the expried branch May 31, 2022 03:27

phlax mentioned this pull request Nov 9, 2022

[backport/1.22] ocsp: rotate certs of test data to fix flaky tests (#23635) #23842

Merged

LuyaoZhong mentioned this pull request Jan 12, 2023

Add support for multiple sds configs in DownstramTlsContext #24900

Merged

Conversation

daixiang0 commented May 25, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mattklein123 commented May 25, 2022

Uh oh!

mattklein123 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

daixiang0 commented May 26, 2022

Uh oh!

repokitteh-read-only bot commented May 26, 2022

Uh oh!

mattklein123 commented May 26, 2022

Uh oh!

daixiang0 commented May 27, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

daixiang0 commented May 27, 2022

Uh oh!

mattklein123 commented May 27, 2022

Uh oh!

repokitteh-read-only bot commented May 27, 2022

Uh oh!

mattklein123 left a comment

Choose a reason for hiding this comment

Uh oh!

mattklein123 May 27, 2022

Choose a reason for hiding this comment

Uh oh!

daixiang0 May 28, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

mattklein123 May 31, 2022

Choose a reason for hiding this comment

Uh oh!

mattklein123 May 27, 2022

Choose a reason for hiding this comment

Uh oh!

daixiang0 May 28, 2022

Choose a reason for hiding this comment

Uh oh!

mattklein123 left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

daixiang0 commented May 25, 2022 •

edited

Loading

daixiang0 commented May 27, 2022 •

edited

Loading

daixiang0 May 28, 2022 •

edited

Loading