feat: add ability to skip TLS peer verification #399
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cwaldren-ld
changed the title
cwaldren-ld
changed the title
cwaldren-ld
commented
May 10, 2024
| auto const& polling_config = std::get< | ||
| config::shared::built::PollingConfig<config::shared::ClientSDK>>( | ||
| data_source_config.method); | ||
| if (http_properties.Tls().VerifyMode() == |
Contributor
Author
There was a problem hiding this comment.
Could pass a logger dep to the requester_ and have it do the logging instead. In any case, I just wanted to be sure people see a log message since this is pretty critical. Perhaps it should be at info or warn level.
cwaldren-ld
force-pushed
the
cw/verify-peer-tls-contract-tests
branch
from
d248e8e to
372b2e6
Compare
cwaldren-ld
force-pushed
the
cw/verify-peer-tls-contract-tests
branch
from
372b2e6 to
c959748
Compare
cwaldren-ld
force-pushed
the
cw/verify-peer-tls-contract-tests
branch
from
49432f1 to
b5dfa5d
Compare
cwaldren-ld
force-pushed
the
cw/verify-peer-tls-contract-tests
branch
from
b5dfa5d to
93c3aab
Compare
keelerm84
approved these changes
May 13, 2024
libs/common/include/launchdarkly/config/shared/builders/http_properties_builder.hpp
Outdated
Show resolved
Hide resolved
libs/internal/include/launchdarkly/events/detail/worker_pool.hpp
Outdated
Show resolved
Hide resolved
Co-authored-by: Matthew M. Keeler <mkeeler@launchdarkly.com>
cwaldren-ld
force-pushed
the
cw/verify-peer-tls-contract-tests
branch
from
66bf64b to
e3a12dc
Compare
Merged
cwaldren-ld
pushed a commit
that referenced
this pull request
May 13, 2024
🤖 I have created a release *beep* *boop* --- <details><summary>launchdarkly-cpp-client: 3.5.0</summary> ## [3.5.0](launchdarkly-cpp-client-v3.4.3...launchdarkly-cpp-client-v3.5.0) (2024-05-13) ### Features * add ability to skip TLS peer verification ([#399](#399)) ([0422d35](0422d35)) ### Dependencies * The following workspace dependencies were updated * dependencies * launchdarkly-cpp-internal bumped from 0.6.1 to 0.7.0 * launchdarkly-cpp-common bumped from 1.5.0 to 1.6.0 * launchdarkly-cpp-sse-client bumped from 0.3.2 to 0.4.0 </details> <details><summary>launchdarkly-cpp-common: 1.6.0</summary> ## [1.6.0](launchdarkly-cpp-common-v1.5.0...launchdarkly-cpp-common-v1.6.0) (2024-05-13) ### Features * add ability to skip TLS peer verification ([#399](#399)) ([0422d35](0422d35)) </details> <details><summary>launchdarkly-cpp-internal: 0.7.0</summary> ## [0.7.0](launchdarkly-cpp-internal-v0.6.1...launchdarkly-cpp-internal-v0.7.0) (2024-05-13) ### Features * add ability to skip TLS peer verification ([#399](#399)) ([0422d35](0422d35)) ### Dependencies * The following workspace dependencies were updated * dependencies * launchdarkly-cpp-common bumped from 1.5.0 to 1.6.0 </details> <details><summary>launchdarkly-cpp-server: 3.4.0</summary> ## [3.4.0](launchdarkly-cpp-server-v3.3.6...launchdarkly-cpp-server-v3.4.0) (2024-05-13) ### Features * add ability to skip TLS peer verification ([#399](#399)) ([0422d35](0422d35)) ### Dependencies * The following workspace dependencies were updated * dependencies * launchdarkly-cpp-internal bumped from 0.6.1 to 0.7.0 * launchdarkly-cpp-common bumped from 1.5.0 to 1.6.0 * launchdarkly-cpp-sse-client bumped from 0.3.2 to 0.4.0 </details> <details><summary>launchdarkly-cpp-server-redis-source: 2.1.7</summary> ## [2.1.7](launchdarkly-cpp-server-redis-source-v2.1.6...launchdarkly-cpp-server-redis-source-v2.1.7) (2024-05-13) ### Dependencies * The following workspace dependencies were updated * dependencies * launchdarkly-cpp-server bumped from 3.3.6 to 3.4.0 </details> <details><summary>launchdarkly-cpp-sse-client: 0.4.0</summary> ## [0.4.0](launchdarkly-cpp-sse-client-v0.3.2...launchdarkly-cpp-sse-client-v0.4.0) (2024-05-13) ### Features * add ability to skip TLS peer verification ([#399](#399)) ([0422d35](0422d35)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds in a new configuration option allowing users to disable peer verification in TLS handshake.
Additionally, it implements two new contract test capabilities to verify this behavior (
tls:verify-peerandtls:skip-verify-peer.)Because the functionality was added to the sse library and the shared asio requester, both the server and client gain this functionality. Therefore I've added bindings for both along with the contract test implementations.