Enables switching SSL certificates on QUIC with QUICHE #9347
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Author
|
This depends on #9322, and most code change will be gone after merging it. The most important change on this PR is use of |
This enables using certificates loaded by QUICMultiCertConfigLoader (not only the default cert but also certs for specific servernames and IP addresses). This also makes other SNI stuff work (SNIAction, cssn log field) on QUIC.
Member
Author
|
This requires BoringSSL if we use Quiche implementation, and I think the autest failure is because of the build environment, which use OpenSSL(quictls). @bneradt Can we use BoringSSL on the image for Quiche build? |
Member
Author
|
[approve ci autest] |
1 similar comment
Member
Author
|
[approve ci autest] |
Member
Author
|
[approve ci autest] |
Member
Author
|
This breaks the original QUIC implementation, and autests for HTTP/3 would be ran only if ATS is built with Quiche. |
bneradt
requested changes
Apr 18, 2023
bneradt
approved these changes
Apr 18, 2023
cmcfarlen
pushed a commit
to cmcfarlen/trafficserver
that referenced
this pull request
Jun 3, 2024
* asf/master: (40 commits) Change remap filter behavior to match ip_allow.yaml (apache#9631) Cleanup: Get rid of dead code from Cache (apache#9621) Replace obsolete Debug() macro with Dbg() in SocksProxy.cc. (apache#9613) Updates for the new go-httpbin v2.6.0 release. (apache#9633) Fix debian symbol not found for test_HttpTransact (apache#9617) add traffic_ctl to cmake (apache#9628) Fix Proxy Protocol outbound (apache#9632) DOC: Fix variable name `proxy.config.exec_thread.autoconfig.enabled`. (apache#9629) traffic_ctl: metric monitor. Handle SIGINT to drop collected stats. (apache#9570) traffic_ctl: plugin msg command, print out the response from server. (apache#9610) Doc: document IP allow filter for remap. (apache#9626) Cleanup: Rename d with vol (apache#9619) Ensure a reason phrase when sending an HTTP/1 response (apache#9615) Cmake plugins and install things (apache#9597) quic: Fix session cleanup assert. (apache#9622) Enables switching SSL certificates on QUIC with QUICHE (apache#9347) Use FetchSM for OCSP HTTP requests (apache#9591) Make a couple of the threads configs correct (apache#9604) Change submit_and_wait to take ink_hrtime. Fix test_AIO for io_uring. (apache#9555) Update build_h3_tools for mac (apache#9608) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This enables using certificates loaded by QUICMultiCertConfigLoader (not only the default cert but also certs for specific servernames and IP addresses).
This also makes other SNI stuff work on QUIC.