-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OSSM-5001 Additions to support maistra/proxy build #128
Closed
tedjpoole
wants to merge
27
commits into
envoyproxy:main
from
tedjpoole:OSSM-5001-integrate-into-proxy
Closed
OSSM-5001 Additions to support maistra/proxy build #128
tedjpoole
wants to merge
27
commits into
envoyproxy:main
from
tedjpoole:OSSM-5001-integrate-into-proxy
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Required when building in maistra-builder:2.5 (clang++13) Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
Now checks for <openssl/types.h> instead of <openssl/ssl.h> because <openssl/types.h> is only in OpenSSL 3.0.x. This ensures that if the host only has OpenSSL 1.1.x headers, they will not be used. Signed-off-by: Ted Poole <tpoole@redhat.com>
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
3 times, most recently
from
November 30, 2023 11:02
63159c0
to
efdc85d
Compare
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
5 times, most recently
from
December 13, 2023 13:52
8d92df6
to
c09fa3b
Compare
Signed-off-by: Ted Poole <tpoole@redhat.com>
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
from
December 13, 2023 14:29
c09fa3b
to
de50633
Compare
Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
The functions that were being used to check the loaded OpenSSL version were only available in OpenSSL >= 3.0.0, so the check crashed if 1.1.1 libraries were loaded. Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
There were some unnecessary files getting installed as part of the bssl-compat installation process. In particular, the googletest headers were being installed, which was upsetting the envoy build. Signed-off-by: Ted Poole <tpoole@redhat.com>
…l-compat Signed-off-by: Ted Poole <tpoole@redhat.com>
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
5 times, most recently
from
January 10, 2024 17:05
7414b59
to
70be25b
Compare
… suite spec Signed-off-by: Ted Poole <tpoole@redhat.com>
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
from
January 10, 2024 18:10
70be25b
to
574a176
Compare
…cate_cb The test passes on BoringSSL but is skipped on bssl-compat pending a fix Signed-off-by: Ted Poole <tpoole@redhat.com>
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
from
January 23, 2024 13:06
abd01c3
to
608d41b
Compare
@tedjpoole have you talked to anyone about this PR outside of this thread? I'm just curious as to its fate since it doesn't have any comments and you submitted it in November :) |
…e/v1.26 branch) Signed-off-by: Ted Poole <tpoole@redhat.com>
SSL_CIPHER_get_min_version() would segv when called for a cipher who's implementation engine wasn't loaded. Signed-off-by: Ted Poole <tpoole@redhat.com>
…e callback Signed-off-by: Ted Poole <tpoole@redhat.com>
…l::verifyCallback() The SSL_get_peer_certificate() function doesn't work the same way in OpenSSL as it does in BoringSSL, when called within a callback installed via SSL_CTX_set_cert_verify_callback(). Therefore, we replace it with calls to X509_STORE_CTX_get_current_cert() and X509_STORE_CTX_get0_cert(). Signed-off-by: Ted Poole <tpoole@redhat.com>
Since we aren't supporting async certificate validation, ensure that we only run the tests in "with_sync_cert_validation" mode. Signed-off-by: Ted Poole <tpoole@redhat.com>
…quivalent This allows the use of IANA cipher suite names as well as OpenSSL specific names, which in turn means fewer patches to upstream source, expecially configs in test code. Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
… certificate callback Signed-off-by: Ted Poole <tpoole@redhat.com>
Signed-off-by: Ted Poole <tpoole@redhat.com>
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
2 times, most recently
from
March 22, 2024 10:47
b3cfefd
to
48d297e
Compare
2 tests fail to build 3 tests fail to pass Signed-off-by: Ted Poole <tpoole@redhat.com>
tedjpoole
force-pushed
the
OSSM-5001-integrate-into-proxy
branch
from
March 22, 2024 10:48
48d297e
to
1c9a393
Compare
Closing this PR because it has become out of date |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR:
envoyproxy/envoy
repositorybssl-compat
layer instead of BoringSSLbssl-compat
layer to support envoy tests