From 47a1b88a6448960c5c3296b233a412c2973a085d Mon Sep 17 00:00:00 2001
From: Philip O'Toole
Date: Mon, 7 Feb 2022 08:57:41 -0500
Subject: [PATCH] More end-to-end node encryption testing

---
 cmd/rqlited/main.go | 2 +-
 system_test/full_system_test.py | 17 +++++++++++++++++
 tcp/mux.go | 8 ++++----
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/cmd/rqlited/main.go b/cmd/rqlited/main.go
index 2c791454..f57f2d07 100644
--- a/cmd/rqlited/main.go
+++ b/cmd/rqlited/main.go
@@ -105,7 +105,7 @@ func main() {
 if err != nil {
 log.Fatalf("failed to create cluster service: %s", err.Error())
 }
- log.Printf("Cluster TCP mux Listener registered with %d", cluster.MuxClusterHeader)
+ log.Printf("cluster TCP mux Listener registered with %d", cluster.MuxClusterHeader)
 
 // Start the HTTP API server.
 clstrDialer := tcp.NewDialer(cluster.MuxClusterHeader, cfg.NodeEncrypt, cfg.NoNodeVerify)
diff --git a/system_test/full_system_test.py b/system_test/full_system_test.py
index 3b365d9a..79288829 100644
--- a/system_test/full_system_test.py
+++ b/system_test/full_system_test.py
@@ -846,6 +846,23 @@ class TestEndToEndEncryptedNode(TestEndToEnd):
 n2.wait_for_leader()
 self.cluster = Cluster([n0, n1, n2])
 
+
+class TestSingleNodeEncryptedNoVerify(unittest.TestCase):
+ def test(self):
+ ''' Test that a joining node will not operate if remote cert can't be trusted'''
+ certFile = write_random_file(x509cert)
+ keyFile = write_random_file(x509key)
+
+ n0 = Node(RQLITED_PATH, '0', node_cert=certFile, node_key=keyFile, node_no_verify=False)
+ n0.start()
+ n0.wait_for_leader()
+
+ n1 = Node(RQLITED_PATH, '1', node_cert=certFile, node_key=keyFile, node_no_verify=False)
+ n1.start(join=n0.APIAddr())
+ self.assertRaises(Exception, n1.wait_for_leader) # Join should fail due to bad cert.
+
+ deprovision_node(n0)
+ deprovision_node(n1)
 
 class TestEndToEndAdvAddr(TestEndToEnd):
 def setUp(self):
diff --git a/tcp/mux.go b/tcp/mux.go
index 653c8602..d6b771ab 100644
--- a/tcp/mux.go
+++ b/tcp/mux.go
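Review bot: The two `deprovision_node(...)` calls at the end of `TestSingleNodeEncryptedNoVerify.test` only run when every earlier statement succeeds; if `n0.wait_for_leader()` raises, or the join unexpectedly succeeds and `assertRaises` fails, both rqlited processes are left running for the rest of the test run. Register the cleanup as each node is created instead, `self.addCleanup(deprovision_node, n0)` right after `n0 = Node(...)` and the same for n1, so teardown is guaranteed regardless of the outcome. `self.assertRaises(Exception, n1.wait_for_leader)` also accepts any failure, so the test passes whether n1 rejected the untrusted certificate or died for an unrelated reason; if `wait_for_leader` raises a specific timeout type, assert on that, or additionally check that n1 never became a member of n0's cluster. The class name says NoVerify, yet both nodes are started with `node_no_verify=False` (verification enabled), which is exactly what the test exercises, so a name such as `TestSingleNodeEncryptedJoinRejectsUntrustedCert` would read correctly. The hunk opens inside `TestEndToEndEncryptedNode.setUp`, which begins outside it.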
@@ -192,7 +192,7 @@ func (mux *Mux) handleConn(conn net.Conn) {
 // Set a read deadline so connections with no data don't timeout.
 if err := conn.SetReadDeadline(time.Now().Add(mux.Timeout)); err != nil {
 conn.Close()
- mux.Logger.Printf("tcp.Mux: cannot set read deadline: %s", err)
+ mux.Logger.Printf("cannot set read deadline: %s", err)
 return
 }
 
@@ -200,14 +200,14 @@ func (mux *Mux) handleConn(conn net.Conn) {
 var typ [1]byte
 if _, err := io.ReadFull(conn, typ[:]); err != nil {
 conn.Close()
- mux.Logger.Printf("tcp.Mux: cannot read header byte: %s", err)
+ mux.Logger.Printf("cannot read header byte: %s", err)
 return
 }
 
 // Reset read deadline and let the listener handle that.
 if err := conn.SetReadDeadline(time.Time{}); err != nil {
 conn.Close()
- mux.Logger.Printf("tcp.Mux: cannot reset set read deadline: %s", err)
+ mux.Logger.Printf("cannot reset set read deadline: %s", err)
 return
 }
 
@@ -216,7 +216,7 @@ func (mux *Mux) handleConn(conn net.Conn) {
 if handler == nil {
 conn.Close()
 stats.Add(numUnregisteredHandlers, 1)
- mux.Logger.Printf("tcp.Mux: handler not registered for request from %s: %d (unsupported protocol?)",
+ mux.Logger.Printf("handler not registered for request from %s: %d (unsupported protocol?)",
 conn.RemoteAddr().String(), typ[0])
 return
 }
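Review bot: The context comment above the new log line, `// Set a read deadline so connections with no data don't timeout.`, states the opposite of what the code does: the deadline exists so that a connection that never sends a header byte is timed out and closed instead of holding a goroutine open indefinitely. Suggest `// Set a read deadline so connections that never send a header byte are closed after mux.Timeout.` Dropping the `tcp.Mux: ` prefix here, and from the three messages in the two following hunks, removes the only origin marker visible in this patch; presumably `mux.Logger` is now constructed with its own prefix, but that is worth confirming, since otherwise these lines become indistinguishable from other components' output. `handleConn` begins before this hunk and continues past it.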
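Review bot: The rewritten message `cannot reset set read deadline: %s` carries over the pre-existing typo ("reset set"); since the line is being edited anyway, make it `mux.Logger.Printf("cannot reset read deadline: %s", err)`. Separately, `conn.SetReadDeadline(time.Time{})` clears the deadline entirely once the single header byte has arrived, so from this point a peer that sends one byte and then nothing holds the connection and its goroutine for as long as it likes unless the registered listener re-arms a deadline of its own — the comment says the listener handles that, but nothing in this hunk shows it, so it is worth checking for each handler registered on the mux. `handleConn` begins before this hunk and continues past it.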
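Review bot: The new `handler not registered` message is emitted once per connection whose header byte matches no handler, with no throttling; on an exposed listener a burst of stray or probing connections turns into one log line each, while `stats.Add(numUnregisteredHandlers, 1)` on the line above already records the count. Consider logging this at a lower verbosity or rate-limiting it, keeping the counter as the primary signal, unless the project relies on the per-connection remote address in these lines. `handleConn` begins before this hunk and continues past it.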