[fix] Fix hostname verification #126
Conversation
izumo27
force-pushed
the
fix_hostname_verification
branch
from
7a6cd3b to
a38e41b
Compare
|
Rebased master |
|
@merlimat PTAL, thanks |
There was a problem hiding this comment.
After I reverted your changes in ClientConnection.cc, these tests could still pass. Could you explain it?
$ ./tests/pulsar-tests --gtest_filter='AuthPluginTest.testTlsDetectPulsarSslWithHostNameValidationMissingCertsFile'
Note: Google Test filter = AuthPluginTest.testTlsDetectPulsarSslWithHostNameValidationMissingCertsFile
[==========] Running 1 test from 1 test suite.
[----------] Global test environment set-up.
[----------] 1 test from AuthPluginTest
[ RUN ] AuthPluginTest.testTlsDetectPulsarSslWithHostNameValidationMissingCertsFile
2022-12-19 19:55:54.972 INFO [140386200329920] ClientConnection:190 | [<none> -> pulsar+ssl://localhost:6651] Create ClientConnection, timeout=10000
2022-12-19 19:55:54.973 INFO [140386200329920] ConnectionPool:97 | Created connection for pulsar+ssl://localhost:6651
2022-12-19 19:55:54.974 INFO [140386197206784] ClientConnection:387 | [127.0.0.1:50090 -> 127.0.0.1:6651] Connected to broker
2022-12-19 19:55:54.982 ERROR [140386197206784] ClientConnection:487 | [127.0.0.1:50090 -> 127.0.0.1:6651] Handshake failed: certificate verify failed
2022-12-19 19:55:54.982 INFO [140386197206784] ClientConnection:1599 | [127.0.0.1:50090 -> 127.0.0.1:6651] Connection closed with ConnectError
2022-12-19 19:55:54.982 ERROR [140386197206784] ClientImpl:183 | Error Checking/Getting Partition Metadata while creating producer on persistent://private/auth/testTlsDetectPulsarSslWithHostNameValidationMissingCertsFile -- ConnectError
2022-12-19 19:55:54.982 INFO [140386197206784] ClientConnection:268 | [127.0.0.1:50090 -> 127.0.0.1:6651] Destroyed connection
[ OK ] AuthPluginTest.testTlsDetectPulsarSslWithHostNameValidationMissingCertsFile (13 ms)
This PR fixes |
There was a problem hiding this comment.
Could you also add a test case that demonstrates the failed case of hostname verification? Like here: https://github.com/apache/pulsar/blob/master/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java#L140
The test requires changing configurations of a broker, but mocking is difficult. |
|
You can change the current config If it requires changing configurations at broker level and it will affect other tests, I think setting up another standalone is okay. |
|
I added tests for invalid broker using another standalone. |
|
The fix LGTM, but could you describe how to generate this certificates? It would not block this PR but I think it could be improved to make tests clear. It seems that when |
The certificates I added for man-in-the-middle attacks is the same as the certificates in pulsar repository. |
### Motivation If `ValidateHostName` is set to true, handshake always fails. ``` INFO [] ClientConnection:375 | [ -> ] Connected to broker ERROR [] ClientConnection:463 | [ -> ] Handshake failed: certificate verify failed INFO [] ClientConnection:1560 | [ -> ] Connection closed ``` ### Modifications - Verify `serviceUrl.host()`, not `physicalAddress`. - `physicalAddress` is serviceUrl, which contains protocol (e.g. pulsar+ssl) and port number. - Use `ssl::stream::set_verify_callback` instead of `ssl::context::set_verify_callback`. - Verification should work with `ssl::context::set_verify_callback`, but somehow it doesn't work. Co-authored-by: hoguni <hoguni@yahoo-corp.jp>
Motivation
If
ValidateHostNameis set to true, handshake always fails.Modifications
serviceUrl.host(), notphysicalAddress.physicalAddressis serviceUrl, which contains protocol (e.g. pulsar+ssl) and port number.ssl::stream::set_verify_callbackinstead ofssl::context::set_verify_callback.ssl::context::set_verify_callback, but somehow it doesn't work.Verifying this change
Documentation
doc-required(Your PR needs to update docs and you will update later)
doc-not-needed(Please explain why)
doc(Your PR contains doc changes)
doc-complete(Docs have been already added)