TLSOptions: handle conflict: same host name, different TLS options #5056

Merged
merged 3 commits into from Jul 3, 2019

@mpl mpl commented Jul 2, 2019

What does this PR do?

This PR handles the conflict that occurs when several routers have the same Host in their rule, but have different TLS options associated with that Host.
To address that problem, this PR:

  1. Documents the conflict.
  2. Warns the user about the situation with log messages.
  3. Falls back to the default TLS option when such a conflict is detected.

In addition, we took the opportunity to fix some related documentation (about TLS options) in the acme CRD user-guide.

Motivation

To fix the conflict, which could potentially even have security implications (e.g. when a router would end up using some less strict TLS options than the ones specified by the user).

More

  • Added/updated tests
  • Added/updated documentation

Additional Notes

Fixes #5046

Co-authored-by: Julien Salleyron julien.salleyron@gmail.com
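
The fallback described in the PR description above, sketched as an added example (not Traefik's code and not taken from this PR): routers are grouped by host, and any host whose routers name different TLS options is assigned the default and reported. The `Router` type, the `ResolveTLSOptions` function, the option names and the treatment of an unset option as `default` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Router is a hypothetical, simplified model: one Host rule, one TLS options name.
type Router struct{ Name, Host, TLSOptions string }

// defaultOptions is the assumed name of the fallback option set.
const defaultOptions = "default"

// ResolveTLSOptions picks one TLS options name per host. Routers that disagree
// on the same host get the default, and a warning is returned for the operator.
func ResolveTLSOptions(routers []Router) (map[string]string, []string) {
	perHost := map[string]map[string]bool{} // host -> option names seen
	for _, r := range routers {
		opt := r.TLSOptions
		if opt == "" { // assumption: unset means the default option set
			opt = defaultOptions
		}
		if perHost[r.Host] == nil {
			perHost[r.Host] = map[string]bool{}
		}
		perHost[r.Host][opt] = true
	}
	resolved := map[string]string{}
	var warnings []string
	for host, opts := range perHost {
		names := make([]string, 0, len(opts))
		for o := range opts {
			names = append(names, o)
		}
		sort.Strings(names)
		if len(names) == 1 {
			resolved[host] = names[0]
			continue
		}
		resolved[host] = defaultOptions
		warnings = append(warnings, fmt.Sprintf("host %s: conflicting TLS options %v, using %q", host, names, defaultOptions))
	}
	sort.Strings(warnings) // map iteration is unordered; keep output stable
	return resolved, warnings
}

func main() {
	// Constructed sample: "api" and "web" share a host but name different options.
	fmt.Println(ResolveTLSOptions([]Router{{"api", "example.com", "strict"}, {"web", "example.com", "legacy"}}))
}
```

Because the fallback replaces whatever the user configured for that host, the returned warnings are the signal to alert on when the default option set is weaker than the one a router asked for.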

@traefiker traefiker added this to the 2.0 milestone Jul 2, 2019
@ldez ldez added this to To review in v2 via automation Jul 2, 2019
@juliens juliens added area/tls and removed area/acme labels Jul 2, 2019
@mpl mpl added area/tls and removed area/tls labels Jul 2, 2019

@ldez ldez left a comment

LGTM

@dtomcej dtomcej left a comment

LGTM
:shipit:

@jbdoumenjou jbdoumenjou left a comment

LGTM

@traefiker traefiker merged commit 39aae41 into traefik:v2.0 Jul 3, 2019
v2 automation moved this from To review to Done Jul 3, 2019
@juliens juliens deleted the tls-options-conflict branch September 6, 2019 05:39
Labels
area/tls kind/enhancement a new or improved feature. size/M