feat: add ability to skip TLS peer verification #399

Merged: 24 commits merged on May 13, 2024

@cwaldren-ld cwaldren-ld commented May 8, 2024

This PR adds in a new configuration option allowing users to disable peer verification in the TLS handshake.

Additionally, it implements two new contract test capabilities to verify this behavior (tls:verify-peer and tls:skip-verify-peer).

Because the functionality was added to the sse library and the shared asio requester, both the server and client gain this functionality. Therefore, I've added bindings for both along with the contract test implementations.

@cwaldren-ld cwaldren-ld changed the title Cw/verify peer tls contract tests ci: verify peer contract tests May 10, 2024
@cwaldren-ld cwaldren-ld changed the title ci: verify peer contract tests feat: add ability to skip TLS peer verification May 10, 2024
@@ -88,6 +88,10 @@ PollingDataSource::PollingDataSource(
auto const& polling_config = std::get<
config::shared::built::PollingConfig<config::shared::ClientSDK>>(
data_source_config.method);
if (http_properties.Tls().VerifyMode() ==
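
Review bot: the `if (http_properties.Tls().VerifyMode() ==` check is placed in the `PollingDataSource` constructor, which ties the handling of a disabled peer-verification setting to this one data source; any other data source or requester that reads the same `Tls()` properties needs its own copy of the check, and a copy can drift or be missed. Consider performing the check once, where the shared requester consumes the HTTP properties. The visible lines end at `==`, so the compared value and the branch body cannot be reviewed here; if the branch logs, warn level fits, because with peer verification off the server certificate is not validated and an intercepted connection raises no error.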

Could pass a logger dep to the requester_ and have it do the logging instead. In any case, I just wanted to be sure people see a log message since this is pretty critical. Perhaps it should be at info or warn level.

@cwaldren-ld cwaldren-ld force-pushed the cw/verify-peer-tls-contract-tests branch from d248e8e to 372b2e6 Compare May 10, 2024 21:43
@cwaldren-ld cwaldren-ld force-pushed the cw/verify-peer-tls-contract-tests branch from 372b2e6 to c959748 Compare May 10, 2024 21:48
@cwaldren-ld cwaldren-ld marked this pull request as ready for review May 10, 2024 21:48
@cwaldren-ld cwaldren-ld requested a review from a team May 10, 2024 21:48
@cwaldren-ld cwaldren-ld force-pushed the cw/verify-peer-tls-contract-tests branch from 49432f1 to b5dfa5d Compare May 10, 2024 21:56
@cwaldren-ld cwaldren-ld force-pushed the cw/verify-peer-tls-contract-tests branch from b5dfa5d to 93c3aab Compare May 10, 2024 21:58
@cwaldren-ld cwaldren-ld force-pushed the cw/verify-peer-tls-contract-tests branch from 66bf64b to e3a12dc Compare May 13, 2024 22:04
@cwaldren-ld cwaldren-ld merged commit 0422d35 into main May 13, 2024
20 checks passed
@cwaldren-ld cwaldren-ld deleted the cw/verify-peer-tls-contract-tests branch May 13, 2024 23:01
@github-actions github-actions bot mentioned this pull request May 13, 2024
cwaldren-ld pushed a commit that referenced this pull request May 13, 2024
🤖 I have created a release *beep* *boop*
---


<details><summary>launchdarkly-cpp-client: 3.5.0</summary>

##
[3.5.0](launchdarkly-cpp-client-v3.4.3...launchdarkly-cpp-client-v3.5.0)
(2024-05-13)


### Features

* add ability to skip TLS peer verification
([#399](#399))
([0422d35](0422d35))


### Dependencies

* The following workspace dependencies were updated
  * dependencies
    * launchdarkly-cpp-internal bumped from 0.6.1 to 0.7.0
    * launchdarkly-cpp-common bumped from 1.5.0 to 1.6.0
    * launchdarkly-cpp-sse-client bumped from 0.3.2 to 0.4.0
</details>

<details><summary>launchdarkly-cpp-common: 1.6.0</summary>

##
[1.6.0](launchdarkly-cpp-common-v1.5.0...launchdarkly-cpp-common-v1.6.0)
(2024-05-13)


### Features

* add ability to skip TLS peer verification
([#399](#399))
([0422d35](0422d35))
</details>

<details><summary>launchdarkly-cpp-internal: 0.7.0</summary>

##
[0.7.0](launchdarkly-cpp-internal-v0.6.1...launchdarkly-cpp-internal-v0.7.0)
(2024-05-13)


### Features

* add ability to skip TLS peer verification
([#399](#399))
([0422d35](0422d35))


### Dependencies

* The following workspace dependencies were updated
  * dependencies
    * launchdarkly-cpp-common bumped from 1.5.0 to 1.6.0
</details>

<details><summary>launchdarkly-cpp-server: 3.4.0</summary>

##
[3.4.0](launchdarkly-cpp-server-v3.3.6...launchdarkly-cpp-server-v3.4.0)
(2024-05-13)


### Features

* add ability to skip TLS peer verification
([#399](#399))
([0422d35](0422d35))


### Dependencies

* The following workspace dependencies were updated
  * dependencies
    * launchdarkly-cpp-internal bumped from 0.6.1 to 0.7.0
    * launchdarkly-cpp-common bumped from 1.5.0 to 1.6.0
    * launchdarkly-cpp-sse-client bumped from 0.3.2 to 0.4.0
</details>

<details><summary>launchdarkly-cpp-server-redis-source: 2.1.7</summary>

##
[2.1.7](launchdarkly-cpp-server-redis-source-v2.1.6...launchdarkly-cpp-server-redis-source-v2.1.7)
(2024-05-13)


### Dependencies

* The following workspace dependencies were updated
  * dependencies
    * launchdarkly-cpp-server bumped from 3.3.6 to 3.4.0
</details>

<details><summary>launchdarkly-cpp-sse-client: 0.4.0</summary>

##
[0.4.0](launchdarkly-cpp-sse-client-v0.3.2...launchdarkly-cpp-sse-client-v0.4.0)
(2024-05-13)


### Features

* add ability to skip TLS peer verification
([#399](#399))
([0422d35](0422d35))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions github-actions bot mentioned this pull request May 13, 2024