Comments (5)
cc @ggreenway @KBaichoo @esmet @tyxia
from envoy.
The documentation isn't clear about this, but include_tls_session
only works when using a tls transport socket. This could probably be fixed to also work with TlsInspector; a PR to do that would be welcome.
from envoy.
@ggreenway Thanks for the clarification. Are you able to give me a few hints about where to look in the code about where the external auth looks at the transport socket when include_tls_session
is true
? I presume I could just read the server name from SNI (i.e. TLS inspector) and then are probably filters that already read it like the SNI dynamic forward proxy.
from envoy.
Start by looking here and here. And then look at how the sni dynamic forward proxy is looking it up, and in CheckRequestUtils::setTLSSession
if the existing path is empty, check the value from tls inspector.
from envoy.
@ggreenway #34100 is my attempt to handle this. I'm having troubles understanding what exact unit test (or tests) that I broke. I know the file, just not which tests.
from envoy.
Related Issues (20)
- OAuth2 filter: OpenID Connect Back-Channel Logout HOT 6
- OAuth2 filter: Proof Key for Code Exchange (PKCE) HOT 4
- OAuth2 filter: state/nonce support to prevent CSRF HOT 1
- OAuth2 filter: stores sessions in Redis HOT 5
- Do not redo healthchecks for endpoints with different priorities HOT 7
- The local rate limit filter will add x-ratelimit-* headers by default HOT 1
- Newer release available `io_opentelemetry_cpp`: v1.16.1 (current: v1.14.2)
- Envoy release cadence and process questions HOT 3
- How to make sure the legacy websocket connection still works if the listeners update without using the envoy hot-restart ? HOT 3
- Why not add POST REST API method in admin module to support the dynamic configuration resources (such as listeners) update ? HOT 2
- Envoy does not proxy 103 Early Hints response to a client HOT 2
- Newer release available `com_github_google_benchmark`: v1.8.5 (current: v1.8.4)
- unknown type: envoy.extensions.filters.http.cors.v3.CorsPolicy HOT 3
- Re-enable flakey ext_proc (`GetAndSetTrailersIncorrectlyOnResponse`) HOT 2
- Load reporting service missing information UpstreamEndpointStats and NodeID HOT 6
- Newer release available `aspect_bazel_lib`: v2.7.9 (current: v2.7.7)
- Newer release available `rules_rust`: 0.48.0 (current: 0.35.0) HOT 1
- Fluentd HTTP tracing support HOT 4
- Newer release available `com_github_fmtlib_fmt`: 11.0.2 (current: 9.1.0)
- 503 UC upstream_reset_before_response_started{connection_termination} and Invalid HTTP header field errors HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from envoy.