Skip to content

Revert "Require peer certificate to be present when ca_cert_file is s…#668

Merged
mattklein123 merged 1 commit intomasterfrom
revert_ssl
Apr 1, 2017
Merged

Revert "Require peer certificate to be present when ca_cert_file is s…#668
mattklein123 merged 1 commit intomasterfrom
revert_ssl

Conversation

@mattklein123
Copy link
Copy Markdown
Member

@mattklein123 mattklein123 commented Apr 1, 2017

…et (#648)"

This reverts commit 1687644.

@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Apr 1, 2017
edited
Loading

@lookuptable unfortunately we need to revert this. I forgot about a use case we have where we actually do need to accept SSL connections without a cert even when CA is specified. This is because we have an SSL endpoint where sometimes people have certs and sometimes we don't and we have whitelisting logic that handles this. Can you redo this change and make the behavior optional. I don't really care if you default to on, but we need to be able to turn the behavior off. This is for use with our client SSL auth filter: https://github.com/lyft/envoy/blob/master/source/common/filter/auth/client_ssl.cc

@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Apr 1, 2017

@lyft/network-team

@RomanDzhabarov
Copy link
Copy Markdown
Member

RomanDzhabarov commented Apr 1, 2017
edited
Loading

@mattklein123 unless urgent, i'll do deploy on monday morning

@mattklein123
Copy link
Copy Markdown
Member Author

mattklein123 commented Apr 1, 2017

@RomanDzhabarov not urgent. I might be able to do one Sunday. But I think we can wait till Monday.

@RomanDzhabarov
Copy link
Copy Markdown
Member

RomanDzhabarov commented Apr 1, 2017
edited
Loading

Yup, sounds good either way

@mattklein123 mattklein123 merged commit 816eb79 into master Apr 1, 2017
@mattklein123 mattklein123 deleted the revert_ssl branch April 1, 2017 05:58
vijayendrabvs pushed a commit to vijayendrabvs/envoy that referenced this pull request Apr 4, 2017
@mattklein123 @vijayendrabvs
Revert "Require peer certificate to be present when ca_cert_file is s…
0e53dc2 
…et (envoyproxy#648)" (envoyproxy#668)

This reverts commit 1687644.
@PiotrSikora PiotrSikora mentioned this pull request Apr 23, 2017
Closed
@PiotrSikora PiotrSikora mentioned this pull request May 3, 2017
Closed
jpsim pushed a commit that referenced this pull request Nov 28, 2022
@junr03 @jpsim
core: prevent race that causes double delete of HCM ActiveStreams (#669)
2a8ca85 
Description: previously Envoy Mobile was not guarded against a race that resulted in a double deletion of an Http::ConnectionManagerImpl::ActiveStream. This PR creates state that protects against that race.
Risk Level: low, integration test reproe'd the stack trace, and then updated prod code fixed as expected.
Testing: new integration test.

Fixes #668

Signed-off-by: Jose Nino <jnino@lyft.com>
Signed-off-by: JP Simard <jp@jpsim.com>
jpsim pushed a commit that referenced this pull request Nov 29, 2022
@junr03 @jpsim
core: prevent race that causes double delete of HCM ActiveStreams (#669)
55bcaf7 
Description: previously Envoy Mobile was not guarded against a race that resulted in a double deletion of an Http::ConnectionManagerImpl::ActiveStream. This PR creates state that protects against that race.
Risk Level: low, integration test reproe'd the stack trace, and then updated prod code fixed as expected.
Testing: new integration test.

Fixes #668

Signed-off-by: Jose Nino <jnino@lyft.com>
Signed-off-by: JP Simard <jp@jpsim.com>
mathetake added a commit that referenced this pull request Mar 3, 2026
@mathetake
chore: removes unused flags for v0.2 (#668)
d120998 
**Commit Message**

This removes the unused flag as a preparation for v0.2 release.

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@RomanDzhabarov RomanDzhabarov RomanDzhabarov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mattklein123 @RomanDzhabarov