Comments (5)
phlax
commented on July 21, 2024
cc @ggreenway @KBaichoo @esmet @tyxia
from envoy.
ggreenway
commented on July 21, 2024
The documentation isn't clear about this, but include_tls_session only works when using a tls transport socket. This could probably be fixed to also work with TlsInspector; a PR to do that would be welcome.
from envoy.
marc-barry
commented on July 21, 2024
@ggreenway Thanks for the clarification. Are you able to give me a few hints about where to look in the code about where the external auth looks at the transport socket when include_tls_session is true? I presume I could just read the server name from SNI (i.e. TLS inspector) and then are probably filters that already read it like the SNI dynamic forward proxy.
from envoy.
ggreenway
commented on July 21, 2024
Start by looking here and here. And then look at how the sni dynamic forward proxy is looking it up, and in CheckRequestUtils::setTLSSession if the existing path is empty, check the value from tls inspector.
from envoy.
marc-barry
commented on July 21, 2024
@ggreenway #34100 is my attempt to handle this. I'm having troubles understanding what exact unit test (or tests) that I broke. I know the file, just not which tests.
from envoy.
Related Issues (20)
- Newer release available `com_github_bufbuild_buf`: v1.33.0 (current: v1.32.2)
- Newer release available `rules_python`: 0.33.1 (current: 0.32.2)
- honor connection_pool_per_downstream_connection in tcp conn-pool HOT 2
- configure OTEL of access log to export using HTTP HOT 6
- Feature to enable http host as label in metrics HOT 3
- huge overhead of configuration refreshing effects local rate limit and health checker
- Implement ClientSideWeightedRoundRobin LB policy HOT 1
- Provide a way to receive ORCA load reports from hosts HOT 1
- Implement ares_reinit() to optimally handle the situation where DNS resolver needs to be re-initialized HOT 2
- Why doesn't updating RBAC with hot reload take effect on existing connection HOT 1
- Newer release available `rules_proto`: 6.0.2 (current: 5.3.0-21.7)
- Tried to use the new envoy.resource_monitors.downstream_connections parameter in envoy version 1.30.2 but its failing HOT 6
- Envoy proxy not respecting headers added within Gateway API HOT 2
- BasicAuth HTTP filter: emit metadata containing username HOT 2
- Enable fallback_policy when no healthy host in subset HOT 1
- New CEL convenience function: random() HOT 6
- Newer release available `com_github_c_ares_c_ares`: v1.31.0 (current: cares-1_20_1)
- Perf issue with c-ares DNS resolver HOT 4
- Control Weighted Cluster Weights via Runtime config
- Question about request_mirroring#disable_shadow_host_suffix_append HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from envoy.