alihan/rqlite-distributed-sql
1
0
Fork 0
mirror of https://github.com/rqlite/rqlite.git synced 2022-10-30 02:37:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

More end-to-end node encryption testing

Browse Source
This commit is contained in:
Philip O'Toole
2022-02-07 08:57:41 -05:00
parent 2c2be47ede
commit 47a1b88a64
3 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/rqlited/main.go
View File

@@ -105,7 +105,7 @@ func main() {
if err != nil {
log.Fatalf("failed to create cluster service: %s", err.Error())
}
log.Printf("Cluster TCP mux Listener registered with %d", cluster.MuxClusterHeader)
log.Printf("cluster TCP mux Listener registered with %d", cluster.MuxClusterHeader)
// Start the HTTP API server.
clstrDialer := tcp.NewDialer(cluster.MuxClusterHeader, cfg.NodeEncrypt, cfg.NoNodeVerify)

17
system_test/full_system_test.py
View File

@@ -846,6 +846,23 @@ class TestEndToEndEncryptedNode(TestEndToEnd):
n2.wait_for_leader()
self.cluster = Cluster([n0, n1, n2])
class TestSingleNodeEncryptedNoVerify(unittest.TestCase):
def test(self):
''' Test that a joining node will not operate if remote cert can't be trusted'''
certFile = write_random_file(x509cert)
keyFile = write_random_file(x509key)
n0 = Node(RQLITED_PATH, '0', node_cert=certFile, node_key=keyFile, node_no_verify=False)
n0.start()
n0.wait_for_leader()
n1 = Node(RQLITED_PATH, '1', node_cert=certFile, node_key=keyFile, node_no_verify=False)
n1.start(join=n0.APIAddr())
self.assertRaises(Exception, n1.wait_for_leader) # Join should fail due to bad cert.
deprovision_node(n0)
deprovision_node(n1)
class TestEndToEndAdvAddr(TestEndToEnd):
def setUp(self):

8
tcp/mux.go
View File

@@ -192,7 +192,7 @@ func (mux *Mux) handleConn(conn net.Conn) {
// Set a read deadline so connections with no data don't timeout.
if err := conn.SetReadDeadline(time.Now().Add(mux.Timeout)); err != nil {
conn.Close()
mux.Logger.Printf("tcp.Mux: cannot set read deadline: %s", err)
mux.Logger.Printf("cannot set read deadline: %s", err)
return
}
@@ -200,14 +200,14 @@ func (mux *Mux) handleConn(conn net.Conn) {
var typ [1]byte
if _, err := io.ReadFull(conn, typ[:]); err != nil {
conn.Close()
mux.Logger.Printf("tcp.Mux: cannot read header byte: %s", err)
mux.Logger.Printf("cannot read header byte: %s", err)
return
}
// Reset read deadline and let the listener handle that.
if err := conn.SetReadDeadline(time.Time{}); err != nil {
conn.Close()
mux.Logger.Printf("tcp.Mux: cannot reset set read deadline: %s", err)
mux.Logger.Printf("cannot reset set read deadline: %s", err)
return
}
@@ -216,7 +216,7 @@ func (mux *Mux) handleConn(conn net.Conn) {
if handler == nil {
conn.Close()
stats.Add(numUnregisteredHandlers, 1)
mux.Logger.Printf("tcp.Mux: handler not registered for request from %s: %d (unsupported protocol?)",
mux.Logger.Printf("handler not registered for request from %s: %d (unsupported protocol?)",
conn.RemoteAddr().String(), typ[0])
return
}