Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ocsp: Fixes for gateway reconnecting and reloading #5208

Merged
merged 2 commits into from
Mar 25, 2024
Merged

ocsp: Fixes for gateway reconnecting and reloading #5208

merged 2 commits into from
Mar 25, 2024

Conversation

wallyqs
Copy link
Member

@wallyqs wallyqs commented Mar 12, 2024
edited
Loading

Fixes some issues with gateways reconnections that had OCSP stapling enabled:

  • Gateways that started without explicit remotes would not always have OCSP callbacks registered so had no staples ready for the remote connections, when this condition is detected they are now applied on the fly.
  • Access to GetClientCertificate could be concurrent under some conditions and could also race with OCSP monitor updates.
  • Reloading races with gateway reconnections also addressed.

Tests also cover conditions from #5207, this also moves the OCSP testing helpers to an internal package.

@wallyqs wallyqs requested a review from a team as a code owner March 12, 2024 20:20
derekcollison
derekcollison reviewed Mar 12, 2024
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How long does new test take?

internal/ocsp/ocsp.go Outdated Show resolved Hide resolved
@wallyqs wallyqs force-pushed the ocsp-peer-missing-staple-test branch from 7b3d3ba to dcfce2e Compare March 22, 2024 06:07
@wallyqs wallyqs changed the title Add test for gateway reconnects and OCSP enabled ocsp: Fixes for gateway reconnecting and reloading Mar 22, 2024
@wallyqs wallyqs force-pushed the ocsp-peer-missing-staple-test branch from dcfce2e to d672a3d Compare March 22, 2024 18:26
@wallyqs
Copy link
Member Author

wallyqs commented Mar 23, 2024

Ok this one is ready to for review again, test running time is currently 15s.

@wallyqs wallyqs requested a review from neilalexander March 23, 2024 04:47
@derekcollison derekcollison self-requested a review March 23, 2024 18:20
derekcollison
derekcollison reviewed Mar 23, 2024
View reviewed changes
internal/ocsp/ocsp.go Show resolved Hide resolved
server/gateway_test.go Outdated Show resolved Hide resolved
derekcollison
derekcollison approved these changes Mar 25, 2024
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@wallyqs
Copy link
Member Author

wallyqs commented Mar 25, 2024

I will squash some of the commits before merging.

@wallyqs wallyqs force-pushed the ocsp-peer-missing-staple-test branch from 427f6a5 to ac24402 Compare March 25, 2024 20:24
@derekcollison
Copy link
Member

derekcollison commented Mar 25, 2024
edited
Loading

lmk when you want me to merge. I can do squash merge if needed.

@wallyqs
Copy link
Member Author

wallyqs commented Mar 25, 2024

OK it can now be merged.

@derekcollison derekcollison merged commit 1a4e888 into main Mar 25, 2024
4 checks passed
@derekcollison derekcollison deleted the ocsp-peer-missing-staple-test branch March 25, 2024 21:37
@neilalexander neilalexander mentioned this pull request Apr 4, 2024
Merged
derekcollison added a commit that referenced this pull request Apr 4, 2024
@derekcollison
Cherry-pick PRs for v2.10.14-RC.2 (#5278)
8cafe5b 
Cherry-pick the following PRs into the v2.10.14 release branch:

* #5237
* #5238
* #5242
* #5208
* #5244
* #5248
* #5246
* #5112
* #5247
* #5256
* #5258
* #5264
* #5266
* #5267
* #5265
* #5271
* #5270
* #5272
* #5276
* #5274
* #5275
* #5277
* #5279

Signed-off-by: Neil Twigg <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derekcollison derekcollison derekcollison approved these changes

@neilalexander neilalexander Awaiting requested review from neilalexander

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wallyqs @derekcollison