credentials/tls: reject connections with ALPN disabled #7184
+198
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
arjan-bal
force-pushed
the
handle-alpn-disabled
branch
from
98033c3 to
514de04
Compare
arjan-bal
changed the title
arjan-bal
force-pushed
the
handle-alpn-disabled
branch
from
514de04 to
6fb5651
Compare
arjan-bal
force-pushed
the
handle-alpn-disabled
branch
from
6fb5651 to
a49fb8f
Compare
purnesh42H
reviewed
May 3, 2024
purnesh42H
reviewed
May 7, 2024
purnesh42H
approved these changes
May 7, 2024
purnesh42H
reviewed
May 7, 2024
credentials/tls_ext_test.go
Outdated
|
|
||
| matchPat, err := regexp.Compile(tc.wantErrMatchPattern) | ||
| if err != nil { | ||
| t.Fatalf("Error message match pattern %q is invalid due to error: %v", tc.wantErrMatchPattern, err) |
There was a problem hiding this comment.
it should be changed to got before want? Similar for line 328
https://google.github.io/styleguide/go/decisions#got-before-want
There was a problem hiding this comment.
The regex pattern is expected to always be valid, the want is implicitly nil. There is not want in this message. If this line executes, it means that the test case is invalid.
arjan-bal
added
the
Type: Behavior Change
easwars
reviewed
May 8, 2024
easwars
reviewed
May 15, 2024
easwars
reviewed
May 15, 2024
credentials/tls_ext_test.go
Outdated
| t.Fatalf("Error starting server: %v", err) | ||
| } | ||
|
|
||
| errCh := make(chan error) |
There was a problem hiding this comment.
This one needs a buffer of size 1 too.
easwars
approved these changes
May 15, 2024
|
@dfawley : For second set of eyes. |
arjan-bal
changed the title
arjan-bal
changed the title
dfawley
approved these changes
May 21, 2024
dfawley
changed the title
16 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #434
Since HTTP/2 mandates the use of ALPN during the TLS handshake to establish connections, gRPC clients will reject connections to servers that don't have ALPN enabled. gRPC servers will also reject TLS connections from clients with ALPN disabled.
As this change can break existing clients, this behaviour is guarded by an environment variable flag. The error message returned is similar to the message returned by the C++ implementation.
RELEASE NOTES: