Skip to content

credentials/tls: Strip port before validating authority override#8726

Merged
easwars merged 7 commits intogrpc:masterfrom
Atul1710:validateauthority_host_port_split
Dec 15, 2025
Merged

credentials/tls: Strip port before validating authority override#8726
easwars merged 7 commits intogrpc:masterfrom
Atul1710:validateauthority_host_port_split

Conversation

@Atul1710
Copy link
Copy Markdown
Contributor

@Atul1710 Atul1710 commented Nov 25, 2025
edited by easwars
Loading

Fixes: #8719

Splits the host and port in the HTTP2 :authority header in ValidateAuthority before calling VerifyHostname. Added test cases to check multiple different types of values possible for :authority

RELEASE NOTES:

  • credentials/tls: strip port before validating authority override.

@linux-foundation-easycla
Copy link
Copy Markdown

linux-foundation-easycla Bot commented Nov 25, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@Atul1710 Atul1710 changed the title Splitting host and port of authority header Splitting host and port of authority header Nov 25, 2025
@codecov
Copy link
Copy Markdown

codecov Bot commented Nov 25, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.37%. Comparing base (cdbafd3) to head (aa986e2).
⚠️ Report is 26 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8726      +/-   ##
==========================================
+ Coverage   83.25%   83.37%   +0.12%     
==========================================
  Files         419      418       -1     
  Lines       32427    32488      +61     
==========================================
+ Hits        26997    27087      +90     
+ Misses       4047     4017      -30     
- Partials     1383     1384       +1
Files with missing lines Coverage Δ
credentials/tls.go 91.53% <100.00%> (+2.56%) ⬆️

... and 58 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Atul1710 Atul1710 changed the title Splitting host and port of authority header credentials/tls: Splitting host and port of authority header Nov 25, 2025
@Atul1710 Atul1710 mentioned this pull request Nov 25, 2025
Closed
@arjan-bal arjan-bal self-assigned this Nov 27, 2025
@arjan-bal arjan-bal self-requested a review November 27, 2025 05:43
arjan-bal
arjan-bal reviewed Nov 27, 2025
View reviewed changes
Comment thread test/transport_test.go
Copy link
Copy Markdown
Contributor

@arjan-bal arjan-bal Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The existing tests for authority override are located here:

  1. Tests for successful override
  2. Tests for invalid override

Could you please add a new test case to the list of successful cases? For the invalid override tests, it would be great if you could refactor them into a table-driven test (similar to the success cases) and include a case for the changes in this PR. This will help avoid code duplication.

Copy link
Copy Markdown
Contributor Author

@Atul1710 Atul1710 Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review! Same has been done.

@arjan-bal arjan-bal assigned Atul1710 and unassigned arjan-bal Nov 27, 2025
@arjan-bal arjan-bal added this to the 1.78 Release milestone Nov 27, 2025
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Dec 8, 2025

This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed.

@github-actions github-actions Bot added stale and removed stale labels Dec 8, 2025
@arjan-bal arjan-bal assigned arjan-bal and unassigned Atul1710 Dec 12, 2025
arjan-bal
arjan-bal approved these changes Dec 12, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@arjan-bal arjan-bal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, adding a second reviewer.

@arjan-bal arjan-bal requested a review from easwars December 12, 2025 09:58
@arjan-bal arjan-bal assigned easwars and unassigned arjan-bal Dec 12, 2025
@easwars easwars changed the title credentials/tls: Splitting host and port of authority header credentials/tls: Strip port before validating authority override Dec 15, 2025
@easwars easwars merged commit 489f1f6 into grpc:master Dec 15, 2025
24 of 25 checks passed
This was referenced Apr 23, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@easwars easwars easwars approved these changes

@arjan-bal arjan-bal arjan-bal approved these changes

Assignees

@easwars easwars

Labels

Type: Bug

Projects

None yet

Milestone

1.79 Release

Development

Successfully merging this pull request may close these issues.

tls: Authority validation doesn't strip ports before validation

4 participants

@Atul1710 @easwars @arjan-bal @eshitachandwani