Skip to content

Fix AdvancedTlsX509TrustManager to handle client side validation of socket #11352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 11, 2024
Merged

Fix AdvancedTlsX509TrustManager to handle client side validation of socket #11352

merged 1 commit into from
Jul 11, 2024

Conversation

cfredri4
Copy link
Contributor

@cfredri4 cfredri4 commented Jul 3, 2024

There's a missing if-statement to check SSLEngine vs socket before calling currentDelegateManager.checkClientTrusted

@kannanjgithub
Copy link
Contributor

Please add unit tests.

@cfredri4
Copy link
Contributor Author

cfredri4 commented Jul 3, 2024

Please add unit tests.

There appears to be a test for this already but that test is a bit moot because it doesn't actually test much (it sets INSECURELY_SKIP_ALL_VERIFICATION). And had that test tested more things it would have failed because of the issue this PR fixes...

I just made this PR as a no-brainer fix to a problem I spotted when looking over unrelated code; I unfortunately don't have the time right now to investigate fixing the existing (moot) test.
Feel free to either close the PR, or leave it open until I or someone else finds time to do that.

@ejona86 ejona86 added the kokoro:run Add this label to a PR to tell Kokoro the code is safe and tests can be run label Jul 3, 2024
@grpc-kokoro grpc-kokoro removed the kokoro:run Add this label to a PR to tell Kokoro the code is safe and tests can be run label Jul 3, 2024
@ejona86 ejona86 requested a review from erm-g July 11, 2024 15:24
@erm-g
Copy link
Contributor

erm-g commented Jul 11, 2024

Please add unit tests.

There appears to be a test for this already but that test is a bit moot because it doesn't actually test much (it sets INSECURELY_SKIP_ALL_VERIFICATION). And had that test tested more things it would have failed because of the issue this PR fixes...

I just made this PR as a no-brainer fix to a problem I spotted when looking over unrelated code; I unfortunately don't have the time right now to investigate fixing the existing (moot) test. Feel free to either close the PR, or leave it open until I or someone else finds time to do that.

The test you mentioned doesn't go into that branch. We need a new one, maybe based on trustManagerBadCustomVerificationTest. I'll try to spend some time next week.

@erm-g erm-g self-assigned this Jul 11, 2024
@ejona86
Copy link
Member

ejona86 commented Jul 11, 2024

@erm-g, are you okay with approving this and you'll make the test as a follow-up?

@erm-g
Copy link
Contributor

erm-g commented Jul 11, 2024

@erm-g, are you okay with approving this and you'll make the test as a follow-up?

Yeah, sure

@ejona86 ejona86 merged commit dcb1c01 into grpc:master Jul 11, 2024
13 checks passed
@erm-g erm-g mentioned this pull request Jul 16, 2024
Merged
@erm-g
Copy link
Contributor

erm-g commented Jul 16, 2024

Please add unit tests.

Test added in #11385

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ejona86 ejona86 ejona86 approved these changes

@erm-g erm-g erm-g approved these changes

Assignees

@erm-g erm-g

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cfredri4 @kannanjgithub @erm-g @ejona86 @grpc-kokoro