
test: Update negative test case for TLS SNI #37386

Merged
merged 1 commit into from
Feb 1, 2025


sayboras
Member

The current SNI denied test sends a request to cilium.io with serverNames as one.one.one.one, and expects a TLS error. However, cilium.io might not be as reliable as one.one.one.one, hence causing a timeout issue (e.g. 28) instead of the expected SSL error code (e.g. 35), as observed in #37381.

This commit reverses the test to use one.one.one.one as the external target; however, the new CNP client-egress-tls-sni-other will only allow serverNames with ExternalOtherTarget (defaults to cilium.io).

Relates: #37122, #37381

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 31, 2025
@github-actions github-actions bot added cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary labels Jan 31, 2025
@sayboras sayboras added the release-note/misc This PR makes changes that have no direct user impact. label Jan 31, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 31, 2025
@sayboras sayboras force-pushed the pr/tammach/flip-sni-denied branch from 774f0a7 to 93b2a23 Compare January 31, 2025 11:35
The current SNI denied test sends a request to cilium.io with serverNames
as one.one.one.one, and expects a TLS error. However, cilium.io might not
be as reliable as one.one.one.one, hence causing a timeout issue
(e.g. 28) instead of the expected SSL error code (e.g. 35), as observed in
the issue cilium#37381.

This commit reverses the test to use one.one.one.one as the
external target; however, the new CNP client-egress-tls-sni-other will only
allow serverNames with ExternalOtherTarget (defaults to cilium.io).

Relates: cilium#37122, cilium#37381
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras sayboras force-pushed the pr/tammach/flip-sni-denied branch from 93b2a23 to 9e6023e Compare January 31, 2025 12:01
@sayboras sayboras marked this pull request as ready for review January 31, 2025 12:10
@sayboras sayboras requested review from a team as code owners January 31, 2025 12:10
@sayboras
Member Author

/test

@pchaigno pchaigno removed the request for review from ldelossa January 31, 2025 12:57
@pchaigno pchaigno enabled auto-merge January 31, 2025 12:57
@pchaigno pchaigno added this pull request to the merge queue Feb 1, 2025
Merged via the queue into cilium:main with commit 763658e Feb 1, 2025
77 checks passed
@sayboras sayboras deleted the pr/tammach/flip-sni-denied branch February 1, 2025 02:49
Labels
cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary release-note/misc This PR makes changes that have no direct user impact.
3 participants