[v24.3.x] [CORE-8754] Handle new TLS error code #24765

@michael-redpanda michael-redpanda commented Jan 10, 2025

Fixes: CORE-8782
Fixes: #24757

Backport of PR #24749

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v24.3.x
  • v24.2.x
  • v24.1.x

Release Notes

  • none

Seastar now reports new error codes for certain TLS connection issues:

* `ERROR_WRONG_VERSION_NUMBER`
* `ERROR_HTTP_REQUEST`
* `ERROR_HTTPS_PROXY_REQUEST`

Signed-off-by: Michael Boquard <michael@redpanda.com>
(cherry picked from commit ad6d50c)

When a non-TLS connection attempts to connect and send data to a Redpanda
TLS-enabled endpoint, OpenSSL may report different error codes depending on
what it sees on the incoming packet:

* `ERROR_WRONG_VERSION_NUMBER` - reported when OpenSSL inspects the packet
  expecting to see a known TLS version but the one it sees is unknown.
  This is distinct from seeing an unsupported version.
* `ERROR_HTTP_REQUEST` - similar to `ERROR_WRONG_VERSION_NUMBER`, however in
  this situation, the packet starts with a known HTTP verb (e.g. `GET`, or
  `POST`, etc).
* `ERROR_HTTPS_PROXY_REQUEST` - like `ERROR_HTTP_REQUEST`, however the
  packet starts with `CONNE`

Signed-off-by: Michael Boquard <michael@redpanda.com>
(cherry picked from commit 0803e0d)
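
The mapping described in the commit message above, as an added example that is not code from Redpanda, Seastar or OpenSSL: a classifier an operator could run over the first bytes captured on a TLS listener to see which of the three codes to expect. The enum, the function names and the sample bytes are hypothetical, and the verb list beyond `GET` and `POST` is an assumption.

```cpp
#include <array>
#include <cstdint>
#include <string_view>

// Local labels mirroring the three names in the commit message; this is
// not Seastar's or OpenSSL's own type.
enum class first_record {
    plausible_tls,
    wrong_version_number,
    http_request,
    https_proxy_request,
    too_short,
};

// Constructed sample: start of a plaintext Kafka request, which begins with
// a 4-byte big-endian length prefix rather than a TLS record header.
inline std::string_view sample_kafka_plaintext() {
    return std::string_view("\x00\x00\x00\x2d\x00\x12\x00\x03", 8);
}

// Classify the first bytes a client sent to a TLS-enabled endpoint.
// Assumption: a TLS record header is 5 bytes (type, version major, version
// minor, 2-byte length) and every TLS version uses major byte 0x03. Only
// the version byte is examined; the rest of the record is not validated.
inline first_record classify_first_bytes(std::string_view b) {
    if (b.size() < 5) {
        return first_record::too_short;
    }
    if (static_cast<std::uint8_t>(b[1]) == 0x03) {
        return first_record::plausible_tls;
    }
    // "CONNE" is the prefix named in the commit message (HTTP CONNECT).
    if (b.substr(0, 5) == "CONNE") {
        return first_record::https_proxy_request;
    }
    // Illustrative verb list; the commit message names GET and POST only.
    constexpr std::array<std::string_view, 4> verbs{
      "GET ", "POST ", "HEAD ", "PUT "};
    for (auto v : verbs) {
        if (b.substr(0, v.size()) == v) {
            return first_record::http_request;
        }
    }
    // Anything else is a version byte that no TLS version uses.
    return first_record::wrong_version_number;
}
```

A plaintext Kafka client pointed at the TLS port lands in the last branch, because the second byte of its length prefix is not `0x03`.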
@michael-redpanda michael-redpanda added this to the v24.3.x-next milestone Jan 10, 2025
@michael-redpanda michael-redpanda requested a review from a team January 10, 2025 00:51
@michael-redpanda michael-redpanda self-assigned this Jan 10, 2025
@michael-redpanda michael-redpanda requested review from pgellert and removed request for a team January 10, 2025 00:51
@michael-redpanda michael-redpanda linked an issue Jan 10, 2025 that may be closed by this pull request
@vbotbuildovich

CI test results

test results on build#60558
| test_id | test_kind | job_url | test_status | passed |
|---|---|---|---|---|
| rptest.tests.archive_retention_test.CloudArchiveRetentionTest.test_delete.cloud_storage_type=CloudStorageType.S3.retention_type=retention.bytes | ducktape | https://buildkite.com/redpanda/redpanda/builds/60558#01944e14-813f-471d-808e-e4b8eb2009c5 | FLAKY | 5/6 |
| rptest.tests.internal_topic_protection_test.InternalTopicProtectionLargeClusterTest.test_consumer_offset_topic | ducktape | https://buildkite.com/redpanda/redpanda/builds/60558#01944e14-8140-46cb-a0aa-6334e6413b4b | FLAKY | 5/6 |

@michael-redpanda michael-redpanda merged commit ae65616 into redpanda-data:v24.3.x Jan 10, 2025
18 of 20 checks passed
Development

Successfully merging this pull request may close these issues.

[v24.3.x] [CORE-8754] Handle new TLS error codes