Skip to content

[release/1.7] Fix ambiguous tls fallback #9299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AkihiroSuda merged 2 commits into from
Oct 26, 2023
Merged

[release/1.7] Fix ambiguous tls fallback #9299

AkihiroSuda merged 2 commits into from
Oct 26, 2023

Conversation

@dmcgowan
Copy link
Member

@dmcgowan dmcgowan commented Oct 26, 2023

Backport

@dmcgowan
Avoid TLS fallback when protocol is not ambiguous
35c7634 
The TLS fallback should only be used when the protocol is ambiguous due
to provided TLS configurations and defaulting to http. Do not add TLS
configurations when defaulting to http. When the port is 80 or will be
defaulted to 80, there is no protocol ambiguity and TLS fallback should
not be used.

Signed-off-by: Derek McGowan <[email protected]>
(cherry picked from commit d48ceb6)
Signed-off-by: Derek McGowan <[email protected]>
@dmcgowan
Check scheme and host of request on push redirect
68abc54 
When the HTTP fallback is used, the scheme changes from HTTPS to HTTP
which can cause a mismatch on redirect, causing the authorizer to get
stripped out. Since the redirect host must match the redirect host in
this case, credentials are only sent to the same origin host that
returned the redirect.

This fixes an issue for a push getting a 401 unauthorized on the PUT
request even though credentials are available.

Signed-off-by: Derek McGowan <[email protected]>
(cherry picked from commit 466ee87)
Signed-off-by: Derek McGowan <[email protected]>
akhilerm
akhilerm approved these changes Oct 26, 2023
View reviewed changes
Copy link
Member

@akhilerm akhilerm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@estesp estesp mentioned this pull request Oct 26, 2023
Merged
@AkihiroSuda
Copy link
Member

AkihiroSuda commented Oct 26, 2023

I see the Merge pull request button, but can't find the "Merge queue" button 🤔

@AkihiroSuda AkihiroSuda merged commit 6a9a187 into containerd:release/1.7 Oct 26, 2023
@dmcgowan
Copy link
Member Author

dmcgowan commented Oct 26, 2023

We haven't enabled the merge queue for 1.7 yet

@crazy-max crazy-max mentioned this pull request Oct 27, 2023
Closed
@crazy-max crazy-max mentioned this pull request Nov 6, 2023
Closed
@estesp estesp mentioned this pull request Nov 8, 2023
Closed
@Racer159 Racer159 mentioned this pull request Feb 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samuelkarp samuelkarp samuelkarp approved these changes

@estesp estesp estesp approved these changes

@akhilerm akhilerm akhilerm approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dmcgowan @AkihiroSuda @samuelkarp @estesp @akhilerm