
feat: add RSA mutual authentication support for RPC and HTTP #1148

Closed
shenxuebing wants to merge 59 commits into alibaba:main from shenxuebing:main


@shenxuebing
Contributor

Why

Close: #1134

What is changing

Example

poor-circle and others added 30 commits August 23, 2025 18:21
… and update Windows library linking to use 'mswsock' alongside 'ws2_32' for various examples and benchmarks.
….hpp and update coro_http_client.hpp to enable NTLS by default, ensuring proper SSL context initialization.
…hecks, ensuring proper compilation of OpenSSL dependencies.
…store conditional compilation for NTLS support, ensuring compatibility with builds that do not support NTLS.
…ver.hpp to clean up the codebase and improve readability.
…ling integration with Tongsuo library, supported protocols, usage examples, and configuration steps.
@github-actions

github-actions bot commented Feb 4, 2026

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

@shenxuebing
Contributor Author

shenxuebing commented Feb 4, 2026

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

Do I need to handle the CI errors here?

@github-actions

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

@poor-circle
Collaborator

@shenxuebing

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

Do I need to handle the CI errors here?

It looks like there are still some errors:

1: ===============================================================================
1: /home/runner/work/yalantinglibs/yalantinglibs/src/coro_http/tests/test_http_ssl_mutual_auth.cpp:38:
1: TEST CASE:  testing HTTP SSL one-way authentication
1: 
1: /home/runner/work/yalantinglibs/yalantinglibs/src/coro_http/tests/test_http_ssl_mutual_auth.cpp:58: FATAL ERROR: REQUIRE( init_ok == true ) is NOT correct!
1:   values: REQUIRE( false == true )
1:   logged: client init_ssl failed
1: 
1: ==================

It looks like this is caused by the SSL tests still being run in some environments where SSL is not installed.

- Set is_ssl_schema_ = true in init_ssl() to ensure HTTPS protocol is used
- Update test URLs from http:// to https:// for SSL tests
- Add certificate copy to test working directory in CMakeLists.txt
- Fix CA certificate path from server.crt to ca.crt in RPC tests
- Add missing ca.crt, client.crt, client.key for mutual auth tests
- Update server certificates signed by CA
… 1.3

Changes:
- Set SSL security level to 0 for test certificates (OpenSSL 3.0 compatibility)
- Change SSL context from sslv23 to tls for modern TLS
- Skip hostname verification for IP addresses (127.0.0.1, localhost)
- Update SSL client test to use ca.crt for server verification
- Handle TLS 1.3 post-handshake auth behavior in mutual auth tests
- Regenerate certificates with proper SAN extension for 127.0.0.1
- Add fake.crt/fake.key for testing invalid client certificates
- Remove unused fake_server.crt/fake_server.key
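
Added example, not code from this pull request or from yalantinglibs: the commit above skips hostname verification for IP targets while also regenerating certificates with a SAN for 127.0.0.1, and the check below shows how an IP target can be matched against that SAN instead of being skipped. The names `SanEntry`, `target_matches_san` and `kSampleSans` are hypothetical, and the SAN list is constructed sample data.

```cpp
// Added illustration (not yalantinglibs code): choose the certificate identity
// check from the connect target instead of skipping it for IP literals.
#include <arpa/inet.h>
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// One subjectAltName entry (hypothetical type for this example).
struct SanEntry {
  enum Kind { Dns, Ip } kind;
  std::string value;  // DNS name, or textual IPv4/IPv6 address
};

// Parse an IPv4/IPv6 literal into raw bytes; an empty result means "not an IP".
static std::string ip_bytes(const std::string& s) {
  unsigned char buf[16];
  if (inet_pton(AF_INET, s.c_str(), buf) == 1)
    return std::string(reinterpret_cast<const char*>(buf), 4);
  if (inet_pton(AF_INET6, s.c_str(), buf) == 1)
    return std::string(reinterpret_cast<const char*>(buf), 16);
  return {};
}

static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return s;
}

// True when the target the client dialed is named by the certificate's SANs.
// IP literals match only iPAddress entries (byte-wise), names only dNSName.
bool target_matches_san(const std::string& target,
                        const std::vector<SanEntry>& sans) {
  const std::string ip = ip_bytes(target);
  for (const auto& e : sans) {
    if (!ip.empty()) {
      if (e.kind == SanEntry::Ip && ip_bytes(e.value) == ip) return true;
    } else if (e.kind == SanEntry::Dns && lower(e.value) == lower(target)) {
      return true;  // exact match only; wildcard handling is omitted here
    }
  }
  return false;
}

// Constructed SAN list for a test certificate issued for 127.0.0.1 and localhost.
const std::vector<SanEntry> kSampleSans = {
    {SanEntry::Ip, "127.0.0.1"}, {SanEntry::Dns, "localhost"}};
```

With OpenSSL the same decision maps to `X509_VERIFY_PARAM_set1_ip_asc` for IP literals and `X509_VERIFY_PARAM_set1_host` for names, so the library performs the match during the handshake.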
@github-actions

github-actions bot commented Apr 9, 2026

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

- Fix code formatting in SSL mutual auth test files
- Add Testing to .gitignore
- Update coro_rpc_client documentation (Chinese and English)
@github-actions

github-actions bot commented Apr 9, 2026

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

- Add init_ssl with client certificate for mutual auth (RPC & HTTP)
- Set is_ssl_schema_ = true in init_ssl()
- Set SSL security level to 0 for test certificates (OpenSSL 3.0)
- Change SSL context from sslv23 to tls for modern TLS
- Skip hostname verification for IP addresses
- Add mutual auth test files and certificates
- Add SSL mutual auth documentation
…eneration script

Restore fake_server.crt/key, update generate_mutual_auth_certs script
to only generate certs for mutual auth (CA-signed server/client certs).
- Restore all original upstream cert/key files unchanged
- Add mutual_ prefixed certs for mutual auth tests only
- mutual_fake.crt is self-signed (not by mutual CA) for negative testing
- Update test files to reference new mutual_ cert names
…h tests

- Restore server.crt/key from main branch (self-signed certificates)
- Fix test code to use server.crt directly instead of ca.crt for verification
- Update line endings for dh512.pem, dhparam.pem, generate.txt
- Add server.csr from main branch

SSL one-way authentication now uses self-signed server.crt directly,
while mutual authentication tests continue using mutual_* prefixed certs.
@github-actions

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

@github-actions

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

@github-actions

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

Add init_ssl overload that supports client certificate and key files
for mutual SSL/TLS authentication, based on upstream code.
@github-actions

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

@github-actions

for detail, goto summary download Artifacts base-ylt-cov-report(base commit coverage report) and ylt-cov-report(current pull request coverage report)

@poor-circle
Collaborator

@shenxuebing CI has basically all passed, so why was the PR closed?

@poor-circle
Collaborator

Do you need me to fix the code formatting issues?
