feat: add RSA mutual authentication support for RPC and HTTP#1173
Merged
…crash
- Enable host_name_verification for NTLS path in coro_rpc_client
(previously commented out, SM2 certificates were not verified against hostname)
- Add sni_hostname parameter to init_ntls_client and init_ntls_tls13_gm_client
in coro_http_client for hostname verification support
- Fix crash when ssl_domain is empty string in RSA path of coro_rpc_client
by adding empty() check before constructing host_name_verification
- Add CA chain verification callback when sni_hostname is empty but
verify_mode requires verification
- Update NTLS documentation with hostname verification section,
sni_hostname usage examples, and certificate CN/SAN requirements
1. Fix NTLS server missing verify_fail_if_no_peer_cert flag when enable_client_verify=true (common_service.hpp, coro_http_connection.hpp)
2. Fix use_ntls_ default value from true to false in coro_http_client.hpp
3. Fix init_ssl() incorrectly blocking standard SSL when YLT_ENABLE_NTLS is defined but use_ntls_=false; now falls through to standard SSL
4. Fix host_name_verification skipping for IP addresses (127.0.0.1, localhost, ::1) in both init_ssl overloads
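The two commit messages above describe three distinct client-side outcomes: no verification when verify_mode is off, CA-chain verification only when sni_hostname is empty or an IP literal (where host_name_verification is skipped), and chain plus hostname verification otherwise. The following is an added illustration of that decision logic, not code from yalantinglibs; the names VerifyPolicy, choose_verify_policy and is_ip_literal_or_localhost are assumptions, and it uses POSIX inet_pton to recognise IP literals rather than any asio or OpenSSL API. It exists to make the policy testable in isolation; wiring the result into an asio::ssl::context (set_verify_mode, set_verify_callback with host_name_verification) is left to the caller.

```cpp
// Added example (not yalantinglibs code): choose which peer-verification
// steps a TLS client should run, following the policy in the commits above:
//   verify_mode off                -> no verification
//   empty sni_hostname             -> CA chain only (the verify-callback case)
//   IP literal / "localhost"       -> CA chain only (hostname check skipped)
//   any other hostname             -> CA chain + hostname match
// Assumption: a POSIX platform providing inet_pton.
#include <arpa/inet.h>
#include <sys/socket.h>
#include <string>

enum class VerifyPolicy { none, chain_only, chain_and_hostname };

// True when `host` is a literal IPv4 or IPv6 address, or the "localhost"
// alias that the commit message lists alongside 127.0.0.1 and ::1.
// inet_pton returns 1 only for a well-formed address, so "10.0.0.256" or
// "rpc.example.com" fall through to false.
bool is_ip_literal_or_localhost(const std::string& host) {
    if (host == "localhost") return true;
    unsigned char buf[16];  // large enough for an IPv6 address
    if (inet_pton(AF_INET, host.c_str(), buf) == 1) return true;
    if (inet_pton(AF_INET6, host.c_str(), buf) == 1) return true;
    return false;
}

// `verify_peer` stands for "verify_mode requires verification".
// The empty() check mirrors the crash fix: host_name_verification must not
// be constructed from an empty ssl_domain / sni_hostname.
VerifyPolicy choose_verify_policy(bool verify_peer,
                                  const std::string& sni_hostname) {
    if (!verify_peer) return VerifyPolicy::none;
    if (sni_hostname.empty() || is_ip_literal_or_localhost(sni_hostname))
        return VerifyPolicy::chain_only;
    return VerifyPolicy::chain_and_hostname;
}

// Human-readable label, handy when logging the chosen policy at connect time.
const char* verify_policy_name(VerifyPolicy p) {
    switch (p) {
        case VerifyPolicy::none:               return "none";
        case VerifyPolicy::chain_only:         return "chain_only";
        case VerifyPolicy::chain_and_hostname: return "chain_and_hostname";
    }
    return "unknown";
}
```

Note that chain_only still rejects certificates not signed by a trusted CA; what it gives up for IP literals and empty SNI is the binding between the certificate and the peer you intended to reach, so a client that can supply the real hostname (or the address in the certificate's SAN) should do so and get chain_and_hostname.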
Verify that servers with enable_client_verify=true correctly reject clients that don't present valid certificates, for both TLCP and TLS 1.3 + GM modes on RPC (8802, 8804) and HTTP (8802, 8804).
…apper close

Root cause: Two issues causing access violation in SSL pool reconnect:
1. Dangling Socket& in connect_impl (PRIMARY): connect() captures Socket& soc via socket_wrapper_.visit(), pointing to *ssl_stream_. When connect_impl calls reset(), reset() destroys old ssl_stream_ and creates new one via init_ssl(). The soc reference now dangles - async_connect(soc, *eps) accesses freed memory.
2. Premature ssl_stream_ destruction in close() (SECONDARY): On Windows IOCP, asio::post handlers can run BEFORE cancellation completion handlers (LIFO dequeuing). Destroying ssl_stream_ in close() (even via asio::post) could cause the cancelled async op's completion handler to access freed SSL memory.

Fix (minimal changes):
- socket_wrapper.hpp close(): Do NOT destroy ssl_stream_. Just close the socket. Leave ssl_stream_ alive for pending completions. Cleaned up later by init_ssl() or destructor.
- socket_wrapper.hpp init_ssl(): Destroy old ssl_stream_ before creating new one (safe because called from reset() after cancelled async op completed).
- coro_rpc_client.hpp connect_impl(): Use socket_wrapper_.visit() to get fresh socket reference for async_connect() instead of stale soc param.
- coro_rpc_client.hpp close_socket(): Remove drain post (no longer needed since close() doesn't destroy ssl_stream_).
- client_pool.hpp alive_detect(): Fix dangling config reference after client reset to nullptr. Copy config before resetting, pass by value.

Test: test_rpc_ssl_reconnect.cpp covers SSL pool reconnect and direct client reconnect scenarios.
When close_socket_async() has already set has_closed_ and dispatched
a close to the IO thread, reset() calls co_await close_socket() which
sees has_closed_=true and returns immediately. Then init_tcp_socket()
operates on the same socket_ while the dispatched close is still
running on the IO thread, causing a data race.
The drain post (co_await coro_io::post([](){}, executor)) ensures
the IO thread has processed the pending close dispatch before
reset() continues to init_tcp_socket().
Add test_rpc_ssl_reconnect.cpp (doctest) covering:
- SSL client direct close+reconnect (dangling Socket& fix)
- SSL client pool reconnect after close
- SSL client pool multiple reconnect cycles
See #1169