Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TEST: Fix Uptream MTLs policy integration test #1295

Merged
merged 1 commit into from
Aug 12, 2021
Merged

TEST: Fix Uptream MTLs policy integration test #1295

merged 1 commit into from
Aug 12, 2021

Conversation

eloycoto
Copy link
Contributor

When using invalid host, the ngx_ssl_host was not used, so the verify
was working when it shouldn't.

This PR is part of THREESCALE-768

Signed-off-by: Eloy Coto eloy.coto@acalustra.com

@eloycoto eloycoto marked this pull request as ready for review August 11, 2021 15:32
@eloycoto eloycoto requested a review from a team as a code owner August 11, 2021 15:32
unleashed
unleashed reviewed Aug 11, 2021
View reviewed changes
t/apicast-policy-upstream_mtls.t
@@ -575,3 +575,72 @@ ssl_client_i_dn: CN=localhost,OU=APIcast,O=3scale
--- error_code: 200
--- no_error_log
[error]


=== TEST 8: MTLS policy with correct CA certificate, but invalid host
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where are you specifying the invalid host here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

Just here:

https://github.com/3scale/APIcast/pull/1295/files#diff-069ed546320ce093e97779629c0711adaf860e2c06924d979be1d8a475c099f5R601

TLS certificates are localhost, but host we use the host test

Regards

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, can we add a comment to the test adding this information, ie. the certificates are set up for localhost but here we will use a different hostname?

@eloycoto eloycoto force-pushed the THREESCALE-768 branch 2 times, most recently from 9bacaa8 to 8370b52 Compare August 12, 2021 07:34
unleashed
unleashed approved these changes Aug 12, 2021
View reviewed changes
Copy link
Contributor

@unleashed unleashed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - but first let's look into documenting why the test is expected to fail, ie. because the TLS certs are set up to apply to a different hostname localhost.

@eloycoto
TEST: Fix Uptream MTLs policy integration test
79418ad 
When using invalid host, the ngx_ssl_host was not used, so the verify
was working when it shouldn't.

This PR is part of THREESCALE-768

Signed-off-by: Eloy Coto <eloy.coto@acalustra.com>
unleashed
unleashed approved these changes Aug 12, 2021
View reviewed changes
Copy link
Contributor

@unleashed unleashed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eloycoto eloycoto merged commit 188d44b into 3scale:master Aug 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@unleashed unleashed unleashed approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@eloycoto @unleashed