Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: input: output: Provide restoring way for tls.verify hebavior #8966

Merged
merged 4 commits into from
Jun 25, 2024
Merged

tls: input: output: Provide restoring way for tls.verify hebavior #8966

merged 4 commits into from
Jun 25, 2024

Conversation

cosmo0920
Copy link
Contributor

@cosmo0920 cosmo0920 commented Jun 17, 2024
edited
Loading

Closes #8959.

The previous enforced hostname verification with tls.verify breaks some of the certificates
for kubelet. We should restore functionality and make opt-in feature for hostname verification in TLS.

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

fluent/fluent-bit-docs#1393

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@cosmo0920 cosmo0920 mentioned this pull request Jun 17, 2024
Merged
7 tasks
@cosmo0920 cosmo0920 mentioned this pull request Jun 17, 2024
Merged
fcuello-fudo
fcuello-fudo reviewed Jun 18, 2024
View reviewed changes
src/tls/openssl.c
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While at it maybe you also want to fix the typo on line 653 ?

@cosmo0920 cosmo0920 mentioned this pull request Jun 19, 2024
Closed
@edsiper edsiper added this to the Fluent Bit v3.1.0 milestone Jun 21, 2024
@edsiper
Copy link
Member

edsiper commented Jun 21, 2024

@cosmo0920 thanks, pls submit a backport for 3.0 branch too.

@cosmo0920
Copy link
Contributor Author

@cosmo0920 thanks, pls submit a backport for 3.0 branch too.

Hi, #8967 is a backport PR to be corresponding to this. :)

@edsiper edsiper merged commit d4735ac into master Jun 25, 2024
60 checks passed
@edsiper edsiper deleted the cosmo0920-provide-restoring-way-for-tls.verify-hebavior branch June 25, 2024 02:47
@BrewTestBot BrewTestBot mentioned this pull request Jul 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fcuello-fudo fcuello-fudo fcuello-fudo left review comments

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@leonardo-albertovich leonardo-albertovich Awaiting requested review from leonardo-albertovich leonardo-albertovich is a code owner

@fujimotos fujimotos Awaiting requested review from fujimotos fujimotos is a code owner

@koleini koleini Awaiting requested review from koleini koleini is a code owner

Assignees
No one assigned
Labels
backport to v3.0.x
Projects
None yet
Milestone
Fluent Bit v3.1.0
Development

Successfully merging this pull request may close these issues.

fluent-bit 3.0.7 breaks kubernetes filter when using tls.verify and Use_Kubelet
3 participants
@cosmo0920 @edsiper @fcuello-fudo