Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-117301497
Thanks!
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
Github user asfgit closed the pull request at:
https://github.com/apache/trafficserver/pull/189
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-116772011
@jacksontj if there is no question, can you please merge the pull request?
---
If your project is set up for it, you can reply to this email and have your
reply ap
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-115743209
@jacksontj is there any technical reason why this pull request has not been
merged?
---
If your project is set up for it, you can reply to this email and have you
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-115730361
@zwoop we can if you want, but these are all just adding tests for features
that already exist-- So I would lean towards not requiring tickets.
---
If your pro
Github user zwoop commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-112872925
Thomas: Should we start making Jiras's for these new tsqa features ? It'd
be nice to track what is being added outside of other code changes.
---
If your project i
Github user PSUdaemon commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-112872594
@jacksontj - Are you going to commit this?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If yo
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-104432343
It has been rebased. Should be able to be applied cleanly.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub a
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-102466395
Will get to it real soon. :)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does n
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-101816775
@zeb209 Ping on the rebase :)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project do
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-98012180
@zeb209 Per our offline discussion we can add the tests for assigning a key
out of the middle later. Before we merge this in though, can you do a git mv
and a sq
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96907871
The point I'm trying to make (apparently not very effectively) is that the
current implementation makes it *very* difficult to have the same set of keys
on all b
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96752161
The premise of your approach is that the keys on all boxes have keys in
sync, which is the same problem here. You try to encrypt new session tickets
with the later
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96100469
The issue comes in with clients that move between ATS boxes. For example,
if a user hits box A and gets a ticket encrypted with the newest key, its
complet
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96043182
No you don't. You just run "traffic_line -x" whenever you think they all
have the new key. Some boxes will run "traffic_line -x" a few minutes later
than the others
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96041983
All that means is I have to run traffic line at the same time everywhere,
which just moves the atomicity requirement.
On Apr 24, 2015 12:22 PM, "Bin" wrot
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96041018
No, you do not have to atomically add the new key. What you can do is you
push a new key to a cluster, then you wait a few minutes, say 20, until all of
them receiv
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96038933
With that behavior it means that you have yo atomically add the new key to
all hosts within a Colo, which is difficult to say the least. Since we
can't rea
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-96037112
ATS does not review tickets using the middle key. Here is how it works.
When you rotate the key, you push a new key to the head of the key file and
remove one from
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-95760782
Another thing, IIRC we were going to have ATS renew tickets using the
middle (or at least not newest) ticket we should also test that :)
---
If your project is
Github user jacksontj commented on a diff in the pull request:
https://github.com/apache/trafficserver/pull/189#discussion_r29015514
--- Diff: ci/new_tsqa/tests/test_tls_ticket_key_rotation.py ---
@@ -0,0 +1,175 @@
+# Licensed to the Apache Software Foundation (ASF) under one
Github user jacksontj commented on a diff in the pull request:
https://github.com/apache/trafficserver/pull/189#discussion_r29015459
--- Diff: ci/new_tsqa/tests/test_tls_ticket_key_rotation.py ---
@@ -0,0 +1,175 @@
+# Licensed to the Apache Software Foundation (ASF) under one
Github user jacksontj commented on a diff in the pull request:
https://github.com/apache/trafficserver/pull/189#discussion_r29015424
--- Diff: ci/new_tsqa/tests/test_tls_ticket_key_rotation.py ---
@@ -0,0 +1,175 @@
+# Licensed to the Apache Software Foundation (ASF) under one
Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-95759799
@zeb209 Do you need to make new certs? there are ssl certs already
generated in the test tree (might not have existed when you started)
---
If your project is s
Github user zeb209 commented on the pull request:
https://github.com/apache/trafficserver/pull/189#issuecomment-95372538
jacksontj is the best person to look at.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your pro
GitHub user zeb209 opened a pull request:
https://github.com/apache/trafficserver/pull/189
Integration test for TLS ticket key rotation.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/zeb209/trafficserver test_tls_key_rot
Alter
26 matches
Mail list logo
