Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[HOLD] Enable hostnames for SNI but leave certificate verification off. #2124

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

[HOLD] Enable hostnames for SNI but leave certificate verification off. #2124

wants to merge 11 commits into from

Conversation

tylerkaraszewski
Copy link
Contributor

@tylerkaraszewski tylerkaraszewski commented Mar 11, 2025
edited
Loading

Details

This is marked as HOLD because we're reverting the mbedtls 3.6 change this depends on due to a crash doing backups. We need to resolve that, then we can merge this.

Fixed Issues

Fixes https://github.com/Expensify/Expensify/issues/479223

Tests

Internal Testing Reminder: when changing bedrock, please compile auth against your new changes

@tylerkaraszewski tylerkaraszewski changed the title [DO NOT MERGE ]Test branch [DO NOT MERGE] Test branch Mar 11, 2025
@tylerkaraszewski tylerkaraszewski changed the title [DO NOT MERGE] Test branch [WIP] Enable hostnames for SNI but leave certificate verification off. Mar 11, 2025
@tylerkaraszewski tylerkaraszewski self-assigned this Mar 11, 2025
@tylerkaraszewski
Copy link
Contributor Author

Before removing the last extra log line, I verified this was choosing sane values in the auth tests:

2025-03-12T00:10:41.137777+00:00 expensidev2004 bedrock10010: YeWc3Q (STCPManager.cpp:197) Socket [socket12] [info] SNI Host: api.stripe.com
2025-03-12T00:10:41.327374+00:00 expensidev2004 bedrock10013: NTgJrE (STCPManager.cpp:197) Socket [forwardCommand25] [info] SNI Host: expensify-mq-dev.marqeta.com
2025-03-12T00:10:41.727350+00:00 expensidev2004 bedrock10010: YeWc3Q (STCPManager.cpp:197) Socket [socket12] [info] SNI Host: api.stripe.com
2025-03-12T00:10:41.832672+00:00 expensidev2004 bedrock: yRXppD (STCPManager.cpp:197) Socket [socket3] [info] SNI Host: api.stripe.com
2025-03-12T00:10:42.306515+00:00 expensidev2004 bedrock10025: yUJdSE (STCPManager.cpp:197) Socket [socket11] [info] SNI Host: expensify-mq-dev.marqeta.com
2025-03-12T00:10:42.436624+00:00 expensidev2004 bedrock10010: 6dDyZ8 (STCPManager.cpp:197) Socket [socket14] [info] SNI Host: api.stripe.com
2025-03-12T00:10:42.658117+00:00 expensidev2004 bedrock10029: QCQDdD (STCPManager.cpp:197) Socket [forwardCommand1] [info] SNI Host: api.stripe.com
2025-03-12T00:10:42.861285+00:00 expensidev2004 bedrock10029: FklKsR  (STCPManager.cpp:197) Socket [StripeScheduler] [info] SNI Host: api.stripe.com
2025-03-12T00:10:42.883805+00:00 expensidev2004 bedrock10013: IB3RXP (STCPManager.cpp:197) Socket [forwardCommand56] [info] SNI Host: api.stripe.com
2025-03-12T00:10:43.073760+00:00 expensidev2004 bedrock10010: 6dDyZ8 (STCPManager.cpp:197) Socket [socket14] [info] SNI Host: api.stripe.com
2025-03-12T00:10:43.082958+00:00 expensidev2004 bedrock10013: TdXgcd (STCPManager.cpp:197) Socket [forwardCommand62] [info] SNI Host: api.stripe.com
2025-03-12T00:10:43.150022+00:00 expensidev2004 bedrock10013: nFyBCD (STCPManager.cpp:197) Socket [forwardCommand65] [info] SNI Host: expensify-mq-dev.marqeta.com
2025-03-12T00:10:43.287272+00:00 expensidev2004 bedrock10013: IB3RXP  (STCPManager.cpp:197) Socket [StripeScheduler] [info] SNI Host: api.stripe.com
2025-03-12T00:10:43.490445+00:00 expensidev2004 bedrock10013: nFyBCD  (STCPManager.cpp:197) Socket [StripeScheduler] [info] SNI Host: api.stripe.com
2025-03-12T00:10:44.152460+00:00 expensidev2004 bedrock10004: cykImL (STCPManager.cpp:197) Socket [socket4] [info] SNI Host: api.stripe.com

@tylerkaraszewski tylerkaraszewski changed the title [WIP] Enable hostnames for SNI but leave certificate verification off. Enable hostnames for SNI but leave certificate verification off. Mar 12, 2025
@tylerkaraszewski tylerkaraszewski changed the title Enable hostnames for SNI but leave certificate verification off. [HOLD] Enable hostnames for SNI but leave certificate verification off. Mar 12, 2025
@tylerkaraszewski tylerkaraszewski mentioned this pull request Mar 12, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coleaeason coleaeason coleaeason approved these changes

Assignees

@tylerkaraszewski tylerkaraszewski

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tylerkaraszewski @coleaeason