From 40e1edafbf35fc410ce92714744f4647a9550794 Mon Sep 17 00:00:00 2001
From: Ryan Hamilton
Date: Fri, 25 Aug 2023 13:51:59 -0700
Subject: [PATCH] quic: Remove envoy.reloadable_features.reject_require_client_certificate_with_quic (#29119)
Signed-off-by: Ryan Hamilton
---
 changelogs/current.yaml | 4 ++++
 source/common/quic/quic_transport_socket_factory.cc | 4 +---
 source/common/runtime/runtime_features.cc | 1 -
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
index fec66a0e1cf0..11b2d6fc2436 100644
--- a/changelogs/current.yaml
+++ b/changelogs/current.yaml
@@ -60,6 +60,10 @@ removed_config_or_runtime:
 change: |
 Removed ``envoy.restart_features.use_apple_api_for_dns_lookups`` and legacy code paths.
 
+- area: quic
+ change: |
+ Removed ``envoy.reloadable_features.reject_require_client_certificate_with_quic`` and legacy code paths.
+
 new_features:
 - area: access_log
 change: |
diff --git a/source/common/quic/quic_transport_socket_factory.cc b/source/common/quic/quic_transport_socket_factory.cc
index f7f21ef5db8f..b038c0eb2b0d 100644
--- a/source/common/quic/quic_transport_socket_factory.cc
+++ b/source/common/quic/quic_transport_socket_factory.cc
@@ -23,9 +23,7 @@ QuicServerTransportSocketConfigFactory::createTransportSocketFactory(
 auto server_config = std::make_unique(
 quic_transport.downstream_tls_context(), context);
 // TODO(RyanTheOptimist): support TLS client authentication.
- if (server_config->requireClientCertificate() &&
- Runtime::runtimeFeatureEnabled(
- "envoy.reloadable_features.reject_require_client_certificate_with_quic")) {
+ if (server_config->requireClientCertificate()) {
 throw EnvoyException("TLS Client Authentication is not supported over QUIC");
 }
 
diff --git a/source/common/runtime/runtime_features.cc b/source/common/runtime/runtime_features.cc
index 3c5c08e176ec..87ce045c2106 100644
--- a/source/common/runtime/runtime_features.cc
+++ b/source/common/runtime/runtime_features.cc
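Review bot: The now-unconditional `if (server_config->requireClientCertificate())` check in quic_transport_socket_factory.cc has no comment saying why the config is rejected rather than accepted; the only nearby explanation is the TODO. A line above the `if` such as `// Fail closed: client authentication is not available over QUIC, so accepting this config would silently drop the operator's mTLS requirement.` would keep a later refactor from reintroducing a bypass. With the runtime guard removed there is no escape hatch, so the exception text is the only guidance an operator gets when the config is rejected; naming the offending setting (`require_client_certificate` in `downstream_tls_context`) in that message would make the failure easier to act on. The body of createTransportSocketFactory starts and ends outside this hunk.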
@@ -68,7 +68,6 @@ RUNTIME_GUARD(envoy_reloadable_features_original_dst_rely_on_idle_timeout);
 RUNTIME_GUARD(envoy_reloadable_features_overload_manager_error_unknown_action);
 RUNTIME_GUARD(envoy_reloadable_features_prohibit_route_refresh_after_response_headers_sent);
 RUNTIME_GUARD(envoy_reloadable_features_quic_defer_logging_to_ack_listener);
-RUNTIME_GUARD(envoy_reloadable_features_reject_require_client_certificate_with_quic);
 RUNTIME_GUARD(envoy_reloadable_features_sanitize_original_path);
 RUNTIME_GUARD(envoy_reloadable_features_send_header_raw_value);
 RUNTIME_GUARD(envoy_reloadable_features_service_sanitize_non_utf8_strings);