Upgrade webpki and rustls-webpki crates #3728

Merged
merged 5 commits into from
Sep 5, 2023

SimonSapin
Contributor

@SimonSapin SimonSapin commented Sep 4, 2023

Brings fixes for:

Fix #3645

Because Apollo Router does not accept client certificates, it could only be affected if a subgraph supplied a pathological TLS server certificate.

Checklist

Complete the checklist (and note appropriate exceptions) before a final PR is raised.

  • Changes are compatible[^1]
  • Documentation[^2] completed
  • Performance impact assessed and acceptable
  • Tests added and passing[^3]
    • Unit Tests
    • Integration Tests
    • Manual Tests

Exceptions

Note any exceptions here

Notes

[^1]. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this.
[^2]. Configuration is an important part of many changes. Where applicable please try to document configuration examples.
[^3]. Tick whichever testing boxes are applicable. If you are adding Manual Tests:
- please document the manual testing (extensively) in the Exceptions.
- please raise a separate issue to automate the test and label it (or ask for it to be labeled) as manual test

@SimonSapin SimonSapin self-assigned this Sep 4, 2023

@router-perf

router-perf bot commented Sep 4, 2023

CI performance tests

  • step - Basic stress test that steps up the number of users over time
  • events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
  • xlarge-request - Stress test with 10 MB request payload
  • xxlarge-request - Stress test with 100 MB request payload
  • events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
  • const - Basic stress test that runs with a constant number of users
  • reload - Reload test over a long period of time at a constant rate of users
  • large-request - Stress test with a 1 MB request payload
  • events - Stress test for events with a lot of users and deduplication ENABLED
  • step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
  • no-graphos - Basic stress test, no GraphOS.

Brings fixes for:

* https://rustsec.org/advisories/RUSTSEC-2023-0052
* https://rustsec.org/advisories/RUSTSEC-2023-0053

Because Apollo Router does not accept client certificates, it could only
be affected if a subgraph supplied a pathological TLS server certificate.
@SimonSapin SimonSapin marked this pull request as ready for review September 4, 2023 08:45
@Geal Geal enabled auto-merge (squash) September 5, 2023 12:16
@Geal Geal merged commit 4780e21 into dev Sep 5, 2023
@Geal Geal deleted the simon/pkiup branch September 5, 2023 12:36
@Geal Geal mentioned this pull request Sep 5, 2023
garypen pushed a commit that referenced this pull request Sep 12, 2023
Brings fixes for:

* https://rustsec.org/advisories/RUSTSEC-2023-0052
* https://rustsec.org/advisories/RUSTSEC-2023-0053

Fix #3645 

Because Apollo Router does not accept client certificates, it could only
be affected if a subgraph supplied a pathological TLS server
certificate.

---------

Co-authored-by: Geoffroy Couprie <[email protected]>
@abernix abernix mentioned this pull request Sep 14, 2023
Successfully merging this pull request may close these issues.

RustSec advisories on rustls-webpki and webpki