More end-to-end node encryption testing

3 years ago · 47a1b88a64
parent 2c2be47ede
commit 47a1b88a64
3 changed files with 22 additions and 5 deletions
--- a/cmd/rqlited/main.go
+++ b/cmd/rqlited/main.go
@ -105,7 +105,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("failed to create cluster service: %s", err.Error())
 	}
-	log.Printf("Cluster TCP mux Listener registered with %d", cluster.MuxClusterHeader)
+	log.Printf("cluster TCP mux Listener registered with %d", cluster.MuxClusterHeader)

 	// Start the HTTP API server.
 	clstrDialer := tcp.NewDialer(cluster.MuxClusterHeader, cfg.NodeEncrypt, cfg.NoNodeVerify)
--- a/system_test/full_system_test.py
+++ b/system_test/full_system_test.py
@ -846,6 +846,23 @@ class TestEndToEndEncryptedNode(TestEndToEnd):
    n2.wait_for_leader()

    self.cluster = Cluster([n0, n1, n2])
+
+class TestSingleNodeEncryptedNoVerify(unittest.TestCase):
+  def test(self):
+    ''' Test that a joining node will not operate if remote cert can't be trusted'''
+    certFile = write_random_file(x509cert)
+    keyFile = write_random_file(x509key)
+
+    n0 = Node(RQLITED_PATH, '0', node_cert=certFile, node_key=keyFile, node_no_verify=False)
+    n0.start()
+    n0.wait_for_leader()
+
+    n1 = Node(RQLITED_PATH, '1', node_cert=certFile, node_key=keyFile, node_no_verify=False)
+    n1.start(join=n0.APIAddr())
+    self.assertRaises(Exception, n1.wait_for_leader) # Join should fail due to bad cert.
+
+    deprovision_node(n0)
+    deprovision_node(n1)
    
 class TestEndToEndAdvAddr(TestEndToEnd):
  def setUp(self):
--- a/tcp/mux.go
+++ b/tcp/mux.go
@ -192,7 +192,7 @@ func (mux *Mux) handleConn(conn net.Conn) {
 	// Set a read deadline so connections with no data don't timeout.
 	if err := conn.SetReadDeadline(time.Now().Add(mux.Timeout)); err != nil {
 		conn.Close()
-		mux.Logger.Printf("tcp.Mux: cannot set read deadline: %s", err)
+		mux.Logger.Printf("cannot set read deadline: %s", err)
 		return
 	}

@ -200,14 +200,14 @@ func (mux *Mux) handleConn(conn net.Conn) {
 	var typ [1]byte
 	if _, err := io.ReadFull(conn, typ[:]); err != nil {
 		conn.Close()
-		mux.Logger.Printf("tcp.Mux: cannot read header byte: %s", err)
+		mux.Logger.Printf("cannot read header byte: %s", err)
 		return
 	}

 	// Reset read deadline and let the listener handle that.
 	if err := conn.SetReadDeadline(time.Time{}); err != nil {
 		conn.Close()
-		mux.Logger.Printf("tcp.Mux: cannot reset set read deadline: %s", err)
+		mux.Logger.Printf("cannot reset set read deadline: %s", err)
 		return
 	}

@ -216,7 +216,7 @@ func (mux *Mux) handleConn(conn net.Conn) {
 	if handler == nil {
 		conn.Close()
 		stats.Add(numUnregisteredHandlers, 1)
-		mux.Logger.Printf("tcp.Mux: handler not registered for request from %s: %d (unsupported protocol?)",
+		mux.Logger.Printf("handler not registered for request from %s: %d (unsupported protocol?)",
 			conn.RemoteAddr().String(), typ[0])
 		return
 	}