Release chart/4.31.83: Use openssl instead of tls in federator http2 client (#3051) · wireapp/wire-server

chart/4.31.83
fd78663
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode
Compare

Choose a tag to compare

Loading

View all tags

chart/4.31.83: Use openssl instead of tls in federator http2 client (#3051)

chart/4.31.83
fd78663
Compare

Choose a tag to compare

Loading

View all tags
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode

akshaymankar tagged this 28 Feb 14:15

* Use openssl instead of tls in federator http2 client

* changelog

* Strip trailing dot for hostname validation

* Move blessed ciphers close to where context is being built

Make it clear that this only works with TLS 1.2 as of now

* Check client certificate and private key to ensure they match

This will prevent reloading in case the files are being updated one by one.

* Add options to ssl context to workaround various bugs

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html#SSL_OP_ALL

* Remove leftover debugging code

* Ensure test for testing hostname with trailing dot is correct

It was broken in a previous commit so it was not testing with a hostname with
trailing dot at all.

* Remove commented out code for hs-tls

* Remove duplicated comment

* Slightly better types for CertifiateAndPrivateKeyDoNotMatch

* Share code to create ssl context between test and src

* Grammar

Co-authored-by: Paolo Capriotti <[email protected]>

* federator: Pass response consumer continuation to discoverAndCall

This ensures that HTTP2 client doesn't close the connection before the response
body gets consumed.

In current implementation of the HTTP2 client there is a race between the part
which consumes the response and "background threads". These background threads
are sending and receiving data and they are not supposed to finish unless
connection gets abruptly terminated, however, due to the race they get a
`Async.cancel` when the response consumer function finishes executing.

Before this change, `Codensity` was supposed to ensure that the consumer doesn't
finish executing, but I am not sure why it didn't work, changing the code to use
CPS fixes this.

* Remove `-Wno-unused-imports`, perhaps added by mistake

* Federator Client: Simplify reading data from SSL

* Revert "federator: Pass response consumer continuation to discoverAndCall"

This reverts commit febf71a2f00cb11aafb855e50c8d0c964af9c936.

Thanks to @pcapriotti for clarifying that the test was failing because the test
was exiting Codensity before making the assertion causing the test to fail.

* federator-integration: Avoid exiting Codensity too soon

* federator: Run all code warpped in `withOpenSSL`

* federator-unit-tests: Ensure assertions happen without exiting Codensity

* Special handling for reading 0 bytes out of the TLS socket

---------

Co-authored-by: Paolo Capriotti <[email protected]>

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly