chvancooten
commented
6 months ago This is great! Thank you so much for getting rid of some of the technical debt 😅. Great fixes, and wonderful implementation! 💯
Closed yamakadi closed 6 months ago
chvancooten
commented
6 months ago This is great! Thank you so much for getting rid of some of the technical debt 😅. Great fixes, and wonderful implementation! 💯
This PR fixes two issues, increases the supported certificate version, adds more verbose messaging around errors, and also logs any external IP changes:
catis run on a non-utf8 encoded file, the server won't be able to parse the task results. The approach in this PR uses fallback encodings to see if we can decode the result with any other encodings, and if we can, re-encodes everything with utf8.For my use cases,
shift_jisandeuc-jpare enough. The exact order and number of fallback encodings are up for debate and this could be a config option, so users who don't need the flexibility can disable it.downloadcommand gzips and encrypts the target file before uploading it to the server. Since encryption happens after compression, the request content is base64 instead of gzipped bytes. If we have theContent-Encoding: gzipheader when the content is base64, services such as AWS Lambda where a request is fully parsed before getting passed to the backend, the request will fail with 415 Unsupported Media Type. Removing theContent-Encoding: gzipheader fixes this issue.An alternative would be reversing the compress/encrypt order, but compressing an encrypted blob would yield bigger file sizes.
The current server allows https connections from SSLv3 upwards. Rust clients can complain about this, and since we control both server and client, there's no need to support such old methods. This PR updates
ssl_versionto TLS 1.2.Currently, it's difficult to debug why a request was rejected or where an exception occurred. I have increased the verbosity of
all_exception_handlerwith adump_debug_info_for_exceptionmethod and updated hownotifyBadRequestworks to give better guidance on why a request might have been rejected.Logging changes in external ip address would allow better accounting, since as it is now, we'd only have access to the latest external ip.