Conversation

@jhump jhump commented Mar 15, 2024

@drice-buf discovered that simply setting supports_tls: true in the config, and doing nothing else to support TLS in a server under test, would not cause any tests to fail (!!!).

The issue is that the server was basically ignoring the use_tls field, and thus sending back an absent/empty certificate. The runner would simply forward that certificate to the client. But the client requests don't have a separate flag indicating whether or not to use TLS: they rely on the certificate being present/non-empty to enable it. So this would effectively forward the empty cert to the client, which would simply not use TLS upon seeing that the cert was absent/empty. And all of the test requests would succeed because neither client nor server was using TLS. (If the client were using TLS but not the server, or vice versa, then every HTTP call would have failed.)

The solution is pretty simple: have the runner actually verify that the server provides a certificate when use_tls is true.

Resolves #830.

@jhump jhump requested a review from smaye81 March 15, 2024 18:23
@jhump jhump enabled auto-merge (squash) March 15, 2024 19:45
@jhump jhump merged commit caa2708 into main Mar 15, 2024
@jhump jhump deleted the jh/require-cert-when-tls-true branch March 15, 2024 19:56
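
The fail-open path described in this pull request, modelled as an added example (not code from the pull request or the project). The types and function names are hypothetical stand-ins for the runner's messages; only `use_tls` comes from the page.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the runner's messages; not the project's generated types.
type serverRequest struct{ UseTLS bool }
type serverResponse struct{ PEMCert []byte }
type clientRequest struct{ ServerTLSCert []byte }

var errMissingCert = errors.New("use_tls was true but server returned no certificate")

// clientUsesTLS models the client described above: no separate flag, TLS is
// enabled only when a certificate is present.
func clientUsesTLS(c clientRequest) bool { return len(c.ServerTLSCert) > 0 }

// callSucceeds models the observation that an HTTP call works only when both
// sides agree on whether TLS is in use.
func callSucceeds(clientTLS, serverTLS bool) bool { return clientTLS == serverTLS }

// forwardUnchecked is the behaviour before the fix: whatever the server sent
// back, even an empty certificate, goes straight to the client.
func forwardUnchecked(_ serverRequest, resp serverResponse) clientRequest {
	return clientRequest{ServerTLSCert: resp.PEMCert}
}

// forwardChecked is the behaviour after the fix: a TLS test case cannot proceed
// without a certificate, so a server that ignored use_tls is reported.
func forwardChecked(req serverRequest, resp serverResponse) (clientRequest, error) {
	if req.UseTLS && len(resp.PEMCert) == 0 {
		return clientRequest{}, errMissingCert
	}
	return clientRequest{ServerTLSCert: resp.PEMCert}, nil
}

func main() {
	req := serverRequest{UseTLS: true}
	ignoring := serverResponse{} // constructed: server ignored use_tls, serves plaintext
	c := forwardUnchecked(req, ignoring)
	fmt.Println("unchecked: client TLS =", clientUsesTLS(c),
		"call succeeds =", callSucceeds(clientUsesTLS(c), false))
	_, err := forwardChecked(req, ignoring)
	fmt.Println("checked:", err)
}
```
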

Development

Successfully merging this pull request may close these issues.

Test does not fail when server ignores ServerCompatRequest.use_tls

4 participants