-
Notifications
You must be signed in to change notification settings - Fork 338
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update "insecure" client tests for SNI client #519
Comments
This broke us in production. IMO this either should've been a blocker for 2.7, or else the version should've been bumped to 3.0. |
@gpind Hi Michael, I'm very sorry about the problem! This is entirely on me, I'd incorrectly concluded that the affected tests were vestigial since they use an Could you please share more details on exactly what happened in your case? How exactly were you affected? What kind of solution/workaround was necessary? Anything relevant you can share might be helpful.
While it's easy to miss and not relevant in this case since the breakage was unintended, I'll note for future reference that http-kit uses Break Versioning - so the version bump to 2.7 is intended to indicate the possibility of minor breaks. In any case, I'll note that since http-kit lost its author several years ago - it's currently maintained by its community. While we do the best we can, errors undoubtedly will slip in from time to time. Realistically, more than in the average author-led project since we're all pretty strapped for time, and none of us is deeply familiar with the whole codebase or its design or history. I would recommend testing new releases before deploying to production. I'll add additional guidance on this to future release notes. Finally, just to reiterate- I really am sorry for any unintended breaks, I know how much stress that can cause. My sincere apologies. |
Update: I just found a reference to the |
Thanks for being understanding, @ptaoussanis. This stuff happens.
We communicate with many legacy servers we don't control. In some cases we talk to them via a proxy over VPN, and the setup is such that we need to pass
The immediate fix was simply to downgrade back to the version of http-kit we were on before. We of course could and should have caught this ourselves, and we're looking into why we didn't. I hadn't heard of Break Versioning, and will keep it in mind from now on. Thank you! |
Likewise - thanks a lot for your understanding, and for the additional info!
That's probably the best bet in the meantime, especially if you're otherwise satisfied with the previous version. Will try prioritise #528 after my next batch of open-source work, and update here if there's any news. |
Closing since this should now be addressed in Again apologies for the trouble. |
PR #513 switches the default http-kit client to an SNI-capable when on Java >= 8.
Unfortunately this change breaks unit tests that rely on http-kit's trustAnybody SSL engine.
Rather than hold up the merge of #513 (and so the first v2.7 beta), I've temporarily disabled the failing tests.
It would be good to get these tests fixed before the v2.7 RC, assistance very welcome!
The text was updated successfully, but these errors were encountered: