
More client-only use for ServerName

master
Philip O'Toole 9 months ago
parent f41fb5de9e
commit 58d6f1a260

@ -106,7 +106,7 @@ func mustNewTLSMux() (net.Listener, *tcp.Mux) {
key := x509.KeyFile("") key := x509.KeyFile("")
defer os.Remove(key) defer os.Remove(key)
mux, err := tcp.NewTLSMux(ln, nil, cert, key, "", "", true, false) mux, err := tcp.NewTLSMux(ln, nil, cert, key, "", true, false)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to create TLS mux: %s", err)) panic(fmt.Sprintf("failed to create TLS mux: %s", err))
} }

@ -405,7 +405,7 @@ func startNodeMux(cfg *Config, ln net.Listener) (*tcp.Mux, error) {
} }
log.Println(b.String()) log.Println(b.String())
mux, err = tcp.NewTLSMux(ln, adv, cfg.NodeX509Cert, cfg.NodeX509Key, cfg.NodeX509CACert, mux, err = tcp.NewTLSMux(ln, adv, cfg.NodeX509Cert, cfg.NodeX509Key, cfg.NodeX509CACert,
cfg.NodeVerifyClientName, cfg.NoNodeVerify, cfg.NodeVerifyClient) cfg.NoNodeVerify, cfg.NodeVerifyClient)
} else { } else {
mux, err = tcp.NewMux(ln, adv) mux, err = tcp.NewMux(ln, adv)
} }
@ -439,7 +439,7 @@ func createClusterClient(cfg *Config, clstr *cluster.Service) (*cluster.Client,
var err error var err error
if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" { if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" {
dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key, dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key,
cfg.NodeVerifyClientName, cfg.NodeX509CACert, cfg.NoNodeVerify) cfg.NodeVerifyServerName, cfg.NodeX509CACert, cfg.NoNodeVerify)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error()) return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error())
} }
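Review bot: In createClusterClient the new call passes `cfg.NodeVerifyServerName` as the third argument and `cfg.NodeX509CACert` as the fourth, while the other call sites updated in this commit pass `rtls.NoCACert` third and `rtls.NoServerName` fourth, which suggests the CA path and the server name are swapped here. Both values are strings, so a swap compiles cleanly and would only surface at runtime, as a CA file that cannot be loaded or as verification of the peer against the wrong name. The signature of `rtls.CreateClientConfig` is not visible on this page, so please confirm the parameter order. If it is cert, key, CA cert, server name, the second line of the call should read `cfg.NodeX509CACert, cfg.NodeVerifyServerName, cfg.NoNodeVerify)`. The function body continues outside the hunk.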

@ -775,7 +775,7 @@ func mustNewOpenTLSMux(certFile, keyPath, addr string) *tcp.Mux {
} }
var mux *tcp.Mux var mux *tcp.Mux
mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "", "", true, false) mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "", true, false)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to create node-to-node mux: %s", err.Error())) panic(fmt.Sprintf("failed to create node-to-node mux: %s", err.Error()))
} }

@ -381,7 +381,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config var tlsConfig *tls.Config
var err error var err error
if remoteEncrypted { if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", "", skipVerify) tlsConfig, err = rtls.CreateClientConfig("", "", rtls.NoCACert, rtls.NoServerName, skipVerify)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err)) panic(fmt.Sprintf("failed to create client TLS config: %s", err))
} }

@ -57,7 +57,7 @@ func Test_DialerHeaderTLS(t *testing.T) {
defer os.Remove(key) defer os.Remove(key)
go s.Start(t) go s.Start(t)
tlsConfig, err := rtls.CreateClientConfig("", "", "", "", true) tlsConfig, err := rtls.CreateClientConfig("", "", rtls.NoCACert, rtls.NoServerName, true)
if err != nil { if err != nil {
t.Fatalf("failed to create TLS config: %s", err.Error()) t.Fatalf("failed to create TLS config: %s", err.Error())
} }

@ -97,7 +97,7 @@ func NewMux(ln net.Listener, adv net.Addr) (*Mux, error) {
// using TLS. If adv is nil, then the addr of ln is used. If insecure is true, // using TLS. If adv is nil, then the addr of ln is used. If insecure is true,
// then the server will not verify the client's certificate. If mutual is true, // then the server will not verify the client's certificate. If mutual is true,
// then the server will require the client to present a trusted certificate. // then the server will require the client to present a trusted certificate.
func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert, serverName string, insecure, mutual bool) (*Mux, error) { func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert string, insecure, mutual bool) (*Mux, error) {
mux, err := NewMux(ln, adv) mux, err := NewMux(ln, adv)
if err != nil { if err != nil {
return nil, err return nil, err
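Review bot: The doc comment above `NewTLSMux` describes `insecure` and `mutual` one at a time, but the visible lines do not say how the two combine or what `caCert` is used for now that `serverName` has left the signature. These flags decide whether a peer certificate is checked at all, so I would add one sentence naming which certificates `caCert` verifies and one stating the outcome when `insecure` and `mutual` are both true. The comment begins and the function body ends outside this hunk, so part of this may already be covered above.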

@ -176,7 +176,7 @@ func TestTLSMux(t *testing.T) {
key := x509.KeyFile("") key := x509.KeyFile("")
defer os.Remove(key) defer os.Remove(key)
mux, err := NewTLSMux(tcpListener, nil, cert, key, "", "", true, false) mux, err := NewTLSMux(tcpListener, nil, cert, key, "", true, false)
if err != nil { if err != nil {
t.Fatalf("failed to create mux: %s", err.Error()) t.Fatalf("failed to create mux: %s", err.Error())
} }
@ -199,7 +199,7 @@ func TestTLSMux(t *testing.T) {
func TestTLSMux_Fail(t *testing.T) { func TestTLSMux_Fail(t *testing.T) {
tcpListener := mustTCPListener("127.0.0.1:0") tcpListener := mustTCPListener("127.0.0.1:0")
defer tcpListener.Close() defer tcpListener.Close()
_, err := NewTLSMux(tcpListener, nil, "xxxx", "yyyy", "", "", true, false) _, err := NewTLSMux(tcpListener, nil, "xxxx", "yyyy", "", true, false)
if err == nil { if err == nil {
t.Fatalf("created mux unexpectedly with bad resources") t.Fatalf("created mux unexpectedly with bad resources")
} }
