[WFLY-11003] Add documentation describing how to define an SSLContext for SNI in the WildFly Elytron subsystem. #11659

Merged
merged 1 commit into from Nov 30, 2018

Contributor

darranl commented Sep 12, 2018

Thanks for submitting your Pull Request!

Please make sure your PR meets the following requirements:

  • Pull Request title is properly formatted: [WFLY-XYZ] Subject or WFLY-XYZ Subject
  • Pull Request contains link to the JIRA issue(s)

https://issues.jboss.org/browse/WFLY-11003

  • Pull Request contains description of the issue(s)

This pull request is adding documentation for the SNI support added under PR: -
wildfly/wildfly-core#3513

  • Pull Request does not include fixes for issues other than the main ticket
  • Attached commits represent units of work and are properly formatted

For bigger changes, major and minor component upgrades make sure your PR also meets following requirements:

  • Pull Request requires a change to the documentation
  • Documentation has been updated accordingly
  • Tests were added to cover changes

For new features ensure as well:

  • Analysis was done
  • Test Plan has been done
  • Tests were verified in advance

If you are not an active contributor of the WildFly project you can request sponsorship by one of the members to help guide you through the process.

@bstansberry bstansberry added the Feature-Docs PR documents a new feature coming via WildFly Core label Oct 11, 2018
@jamezp jamezp added the core-upgrade-needed PR requires a wildfly-core change to be merged and integrated first label Nov 7, 2018
@@ -1999,6 +1999,41 @@ use custom implementations of the following components:
When creating custom implementations of Elytron components, they must
present the appropriate capabilities and requirements.

=== Configuring SNI

Using the WildFly Elytron subsystem it is possible to configure an SSL context which supports SNI. By supporting SNI if an SNI host name is available whilst the SSLSession is being negotiation a host specific SSLcontext will be selected. If no host specific SSLContext is identified either because no host name was received or because there is no match a default SSLContext will be used instead. By identifying a host specific SSLContext it means that a certificate appropriate for that host can be used.
Member

Minor detail but

host specific SSLcontext

Should probably be SSLContext to match the rest of the case.

Contributor

also in that same clause...

s/is being negotation/is being negotiated/g

@jamezp jamezp added rebase-this PR has a merge conflict. and removed core-upgrade-needed PR requires a wildfly-core change to be merged and integrated first labels Nov 7, 2018
Contributor Author

darranl commented Nov 29, 2018

@jamezp Can you please remove the 'rebase-this' label - this one is ready to go in.

@jamezp jamezp removed the rebase-this PR has a merge conflict. label Nov 29, 2018
@jamezp jamezp added the ready-for-merge Only for use by those with merge permissions! label Nov 30, 2018
Member

jamezp commented Nov 30, 2018

I killed the CI jobs since it's only a doc change.

jamezp added a commit that referenced this pull request Nov 30, 2018
[WFLY-11003] Add documentation describing how to define an SSLContext for SNI in the WildFly Elytron subsystem.
@jamezp jamezp merged commit ac01f87 into wildfly:master Nov 30, 2018

This example assumes that three SSLContexts have been previously defined following the steps available previously in this document, those contexts are `jboss`, `localhost`, and `wildfly`.

During negotiation of the SSLSession if the SNI host name received is `localhost` then the `localhost` SSLContext will be used, if the SNI host name is `wildfly.org` then the `wildfly` SSLContext will be used. If no SNI host name is received or if we receive a name that does not match this will fallback and use the `jboss` SSLContext.
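
Review bot: The sentence "if the SNI host name is `wildfly.org` then the `wildfly` SSLContext will be used" does not say how the received name is compared with the mapping key (exact string, wildcard or pattern, case-sensitive or not); state the matching rule here so readers know exactly which names select the `wildfly` SSLContext instead of the `jboss` default. Wording in the same hunk: "this will fallback" should read "this will fall back", "previously defined following the steps available previously" repeats itself, and in the "Configuring SNI" paragraph "is being negotiation" should be "is being negotiated" and "SSLcontext" should be "SSLContext".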
Contributor

Actually, as . (dot) character in the mapping is used as a reg-exp character, then wildfly.org will match e.g.: wildflyLorg, wildflyborg, etc., see https://issues.jboss.org/browse/WFWIP-102.
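
The over-match described in the comment above, as an added example (not code from this PR or from WildFly Elytron): a minimal host-to-context selector using the documentation's context names `jboss`, `localhost` and `wildfly`, comparing a mapping key compiled directly as a regular expression with the same key quoted via `Pattern.quote`. The class and method names and the case-insensitive matching are assumptions for illustration; Elytron's own mapping code is not shown on this page.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class SniContextSelection {

    /** Returns the context name for an SNI host name, or the default when nothing matches. */
    static String select(Map<Pattern, String> hostContextMap, String sniHost, String defaultContext) {
        if (sniHost != null) {
            for (Map.Entry<Pattern, String> e : hostContextMap.entrySet()) {
                // matches() requires the whole host name to match, not a substring
                if (e.getKey().matcher(sniHost).matches()) {
                    return e.getValue();
                }
            }
        }
        return defaultContext; // no SNI name received, or no mapping matched
    }

    /** Builds the host map; when literal is true each key is quoted so '.' matches only a dot. */
    static Map<Pattern, String> build(boolean literal) {
        Map<Pattern, String> map = new LinkedHashMap<>();
        // Mappings taken from the documentation text: host name -> SSLContext name
        String[][] mappings = { {"localhost", "localhost"}, {"wildfly.org", "wildfly"} };
        for (String[] kv : mappings) {
            String regex = literal ? Pattern.quote(kv[0]) : kv[0];
            // Assumption: host names are compared case-insensitively
            map.put(Pattern.compile(regex, Pattern.CASE_INSENSITIVE), kv[1]);
        }
        return map;
    }

    public static void main(String[] args) {
        // Constructed SNI host names; null stands for a ClientHello without SNI
        String[] hosts = { "localhost", "wildfly.org", "wildflyLorg", "example.com", null };
        Map<Pattern, String> raw = build(false);
        Map<Pattern, String> quoted = build(true);
        for (String host : hosts) {
            System.out.printf("%-12s raw=%-10s quoted=%s%n",
                    host, select(raw, host, "jboss"), select(quoted, host, "jboss"));
        }
    }
}
```

With the raw key, `wildflyLorg` selects the `wildfly` context; with the quoted key it falls back to `jboss`, while `localhost` and `wildfly.org` select the same contexts in both modes.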
