Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support https with server certificate #423

Merged
merged 4 commits into from
Oct 25, 2018
Merged

Support https with server certificate #423

merged 4 commits into from
Oct 25, 2018

Conversation

nolanmar511
Copy link
Contributor

Fixes #244

@nolanmar511 nolanmar511 force-pushed the https-fetch branch 3 times, most recently from 5005c25 to f35fea4 Compare October 3, 2018 17:03
@codecov-io
Copy link

codecov-io commented Oct 3, 2018
edited
Loading

Codecov Report

Merging #423 into master will increase coverage by 0.09%.
The diff coverage is 45.45%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #423      +/-   ##
==========================================
+ Coverage   67.59%   67.68%   +0.09%     
==========================================
  Files          36       37       +1     
  Lines        7607     7588      -19     
==========================================
- Hits         5142     5136       -6     
+ Misses       2060     2047      -13     
  Partials      405      405
Impacted Files Coverage Δ
internal/symbolizer/symbolizer.go 38.09% <0%> (+1.73%) ⬆️
internal/driver/options.go 54.05% <100%> (+25.02%) ⬆️
internal/driver/fetch.go 67.59% <100%> (-0.76%) ⬇️
internal/driver/flags.go 13.79% <13.79%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update baeddb8...7b49a94. Read the comment docs.

@nolanmar511 nolanmar511 requested review from rauls5382 and aalexand and removed request for rauls5382 October 5, 2018 16:02
@aalexand
Copy link
Collaborator

aalexand commented Oct 9, 2018

@nolanmar511 FWIW, there is a commit "Merge branch 'master' into https-fetch" in this PR, that's unexpected - the right way to update against the current master is to rebase, not to merge. The commit shows up as empty though, so perhaps it can be just removed or something.

aalexand
aalexand reviewed Oct 9, 2018
View reviewed changes
Copy link
Collaborator

@aalexand aalexand left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should rework the "Fetching profiles" section to organically (i.e. throughout all the text where applicable, not just as a separate paragraph) incorporate the documentation of the support for the profile fetch from TLS-protected server endpoints. Perhaps mention https://docs.docker.com/engine/security/https/ at some point to point to the resemblance of the flag names, server setup and the overall flow.

@nolanmar511
Copy link
Contributor Author

Rebased and updated documentation.
PTAL

aalexand
aalexand reviewed Oct 19, 2018
View reviewed changes
Copy link
Collaborator

@aalexand aalexand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one comment.

doc/README.md
@@ -270,6 +270,18 @@ wait for the profile.
profile over http. If not specified, pprof will use heuristics to determine a
reasonable timeout.

pprof also accepts options which allow a user to specify TLS certificates to
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you rework the first paragraph in this section to mention this capability. Also, can we mention https+insecure thing as well? Basically I think the first paragraph needs a bit of holistic update to make it more of an overview with subsequent paragraphs diving into the details.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made a very small change to the first paragraph, but I'm having a hard time figuring this documentation -- I think I might not understand http protocols and pprof's use cases well enough right now to make this clear.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"https+insecure" is not a protocol, it's a hack to disable the server's certificate validation on the client side.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@nolanmar511
Copy link
Contributor Author

PTAL

@aalexand aalexand changed the title support https with certificate Support https with server certificate Oct 25, 2018
@aalexand aalexand merged commit b44fece into google:master Oct 25, 2018
@nolanmar511 nolanmar511 mentioned this pull request Jan 7, 2019
Closed
gmarin13 pushed a commit to gmarin13/pprof that referenced this pull request Dec 17, 2020
@nolanmar511
support https with certificate (google#423)
1d6279c 
Support https with server certificate.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aalexand aalexand aalexand approved these changes

@rauls5382 rauls5382 Awaiting requested review from rauls5382

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nolanmar511 @codecov-io @aalexand @googlebot