
Remove no-longer supported command-line options

master
Philip O'Toole 1 year ago
parent eed503bf02
commit 5df129ff20

@ -190,7 +190,7 @@ func Test_BootstrapperBootSingleNotifyHTTPS(t *testing.T) {
return n == 5
}
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err)
}

@ -109,7 +109,7 @@ func Test_SingleJoinHTTPSOK(t *testing.T) {
ts.TLS = &tls.Config{NextProtos: []string{"h2", "http/1.1"}}
ts.StartTLS()
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err.Error())
}

@ -118,7 +118,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config
var err error
if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify, false)
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify)
if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err))
}

@ -47,10 +47,6 @@ type Config struct {
// HTTPAdv is the advertised HTTP server network.
HTTPAdv string
// TLS1011 indicates whether the node should support deprecated
// encryption standards.
TLS1011 bool
// AuthFile is the path to the authentication file. May not be set.
AuthFile string `filepath:"true"`
@ -76,9 +72,6 @@ type Config struct {
// HTTPVerifyClient indicates whether the HTTP server should verify client certificates.
HTTPVerifyClient bool
// NodeEncrypt indicates whether node encryption should be enabled.
NodeEncrypt bool
// NodeX509CACert is the path to the CA certficate file for when this node verifies
// other certificates for any inter-node communications. May not be set.
NodeX509CACert string `filepath:"true"`
@ -150,9 +143,6 @@ type Config struct {
// OnDiskPath sets the path to the SQLite file. May not be set.
OnDiskPath string
// OnDiskStartup disables the in-memory on-disk startup optimization.
OnDiskStartup bool
// FKConstraints enables SQLite foreign key constraints.
FKConstraints bool
@ -445,13 +435,11 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) {
flag.StringVar(&config.NodeID, "node-id", "", "Unique ID for node. If not set, set to advertised Raft address")
flag.StringVar(&config.HTTPAddr, HTTPAddrFlag, "localhost:4001", "HTTP server bind address. To enable HTTPS, set X.509 certificate and key")
flag.StringVar(&config.HTTPAdv, HTTPAdvAddrFlag, "", "Advertised HTTP address. If not set, same as HTTP server bind address")
flag.BoolVar(&config.TLS1011, "tls1011", false, "Support deprecated TLS versions 1.0 and 1.1")
flag.StringVar(&config.HTTPx509CACert, "http-ca-cert", "", "Path to X.509 CA certificate for HTTPS")
flag.StringVar(&config.HTTPx509Cert, HTTPx509CertFlag, "", "Path to HTTPS X.509 certificate")
flag.StringVar(&config.HTTPx509Key, HTTPx509KeyFlag, "", "Path to HTTPS X.509 private key")
flag.BoolVar(&config.NoHTTPVerify, "http-no-verify", false, "Skip verification of remote node's HTTPS certificate when joining a cluster")
flag.BoolVar(&config.HTTPVerifyClient, "http-verify-client", false, "Enable mutual TLS for HTTPS")
flag.BoolVar(&config.NodeEncrypt, "node-encrypt", false, "Ignored, control node-to-node encryption by setting node certificate and key")
flag.StringVar(&config.NodeX509CACert, "node-ca-cert", "", "Path to X.509 CA certificate for node-to-node encryption")
flag.StringVar(&config.NodeX509Cert, NodeX509CertFlag, "", "Path to X.509 certificate for node-to-node mutual authentication and encryption")
flag.StringVar(&config.NodeX509Key, NodeX509KeyFlag, "", "Path to X.509 private key for node-to-node mutual authentication and encryption")
@ -476,7 +464,6 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) {
flag.BoolVar(&config.PprofEnabled, "pprof", true, "Serve pprof data on HTTP server")
flag.BoolVar(&config.OnDisk, "on-disk", false, "Use an on-disk SQLite database")
flag.StringVar(&config.OnDiskPath, "on-disk-path", "", "Path for SQLite on-disk database file. If not set, use a file in data directory")
flag.BoolVar(&config.OnDiskStartup, "on-disk-startup", false, "Ignored, on-disk startup optimization control no longer necessary")
flag.BoolVar(&config.FKConstraints, "fk", false, "Enable SQLite foreign key constraints")
flag.BoolVar(&showVersion, "version", false, "Show version information and exit")
flag.BoolVar(&config.RaftNonVoter, "raft-non-voter", false, "Configure as non-voting node")
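Review bot: Dropping the `tls1011`, `node-encrypt` and `on-disk-startup` registrations in ParseFlags turns any command line that still passes them into a parse failure, assuming these calls go to the standard `flag` package, which rejects undefined flags. For `-tls1011` failing loudly is the right outcome, because an operator who relied on TLS 1.0/1.1 should learn that the floor is now TLS 1.2 rather than have the option silently ignored. `node-encrypt` and `on-disk-startup` were documented as ignored, so start-up scripts that carried them harmlessly will now stop the node from starting. That deserves an explicit upgrade note, for example `The -tls1011, -node-encrypt and -on-disk-startup flags have been removed; delete them from start-up scripts before upgrading.` ParseFlags starts and ends outside these hunks, so the parse and error path is not visible here.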

@ -371,7 +371,6 @@ func startHTTPService(cfg *Config, str *store.Store, cltr *cluster.Client, credS
s.CACertFile = cfg.HTTPx509CACert
s.CertFile = cfg.HTTPx509Cert
s.KeyFile = cfg.HTTPx509Key
s.TLS1011 = cfg.TLS1011
s.ClientVerify = cfg.HTTPVerifyClient
s.Expvar = cfg.Expvar
s.Pprof = cfg.PprofEnabled
@ -462,7 +461,7 @@ func createClusterClient(cfg *Config, clstr *cluster.Service) (*cluster.Client,
var err error
if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" {
dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key,
cfg.NodeX509CACert, cfg.NoNodeVerify, cfg.TLS1011)
cfg.NodeX509CACert, cfg.NoNodeVerify)
if err != nil {
return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error())
}
@ -629,5 +628,5 @@ func createHTTPTLSConfig(cfg *Config) (*tls.Config, error) {
return nil, nil
}
return rtls.CreateClientConfig(cfg.HTTPx509Cert, cfg.HTTPx509Key, cfg.HTTPx509CACert,
cfg.NoHTTPVerify, cfg.TLS1011)
cfg.NoHTTPVerify)
}

@ -303,7 +303,6 @@ type Service struct {
CACertFile string // Path to x509 CA certificate used to verify certificates.
CertFile string // Path to server's own x509 certificate.
KeyFile string // Path to server's own x509 private key.
TLS1011 bool // Whether older, deprecated TLS should be supported.
ClientVerify bool // Whether client certificates should verified.
tlsConfig *tls.Config
@ -356,7 +355,7 @@ func (s *Service) Start() error {
return err
}
} else {
s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, !s.ClientVerify, s.TLS1011)
s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, !s.ClientVerify)
if err != nil {
return err
}

@ -14,9 +14,9 @@ import (
// is true, the client will not verify the server's certificate. If mutual is true,
// the server will verify the client's certificate. If tls1011 is true, the client will
// accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2 or higher.
func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual, tls1011 bool) (*tls.Config, error) {
func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(noverify, tls1011)
config := createBaseTLSConfig(noverify)
// load the certificate and key
if certFile != "" && keyFile != "" {
@ -57,10 +57,10 @@ func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual, tls101
// presented by the server. If noverify is true, the client will not verify the server's certificate.
// If tls1011 is true, the client will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
// or higher.
func CreateClientConfig(certFile, keyFile, caCertFile string, noverify, tls1011 bool) (*tls.Config, error) {
func CreateClientConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(noverify, tls1011)
config := createBaseTLSConfig(noverify)
if certFile != "" && keyFile != "" {
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
@ -89,10 +89,10 @@ func CreateClientConfig(certFile, keyFile, caCertFile string, noverify, tls1011
// client. If noverify is true, the server will not verify the client's certificate. If
// tls1011 is true, the server will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
// or higher.
func CreateServerConfig(certFile, keyFile, caCertFile string, noverify, tls1011 bool) (*tls.Config, error) {
func CreateServerConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(false, tls1011)
config := createBaseTLSConfig(false)
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
@ -115,15 +115,10 @@ func CreateServerConfig(certFile, keyFile, caCertFile string, noverify, tls1011
return config, nil
}
func createBaseTLSConfig(noverify, tls1011 bool) *tls.Config {
var minTLS = uint16(tls.VersionTLS12)
if tls1011 {
minTLS = tls.VersionTLS10
}
func createBaseTLSConfig(noverify bool) *tls.Config {
return &tls.Config{
InsecureSkipVerify: noverify,
NextProtos: []string{"h2", "http/1.1"},
MinVersion: minTLS,
MinVersion: uint16(tls.VersionTLS12),
}
}
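Review bot: The doc comments kept above CreateConfig, CreateClientConfig and CreateServerConfig still describe the removed parameter (`If tls1011 is true, ... will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2 or higher.`), so they now present the TLS floor as configurable when it is fixed. Replace that sentence in each comment with `The returned config requires TLS 1.2 or higher.`; the comments begin outside the hunks, so only their tails are visible here. createBaseTLSConfig has no comment at all and would benefit from one line such as `// createBaseTLSConfig returns a config pinned to TLS 1.2+; noverify maps to InsecureSkipVerify.` The three exported signatures change as well, so any importer outside this repository has to drop the last argument.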

@ -26,7 +26,7 @@ func Test_CreateConfig(t *testing.T) {
caCertFile := mustWriteTempFile(t, caCertPEM)
// create a config with no server or client verification
config, err := CreateConfig(certFile, keyFile, caCertFile, true, false, false)
config, err := CreateConfig(certFile, keyFile, caCertFile, true, false)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -69,7 +69,7 @@ func Test_CreateConfig(t *testing.T) {
}
// create a config with server cert verification only
config, err = CreateConfig(certFile, keyFile, caCertFile, false, false, false)
config, err = CreateConfig(certFile, keyFile, caCertFile, false, false)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -81,7 +81,7 @@ func Test_CreateConfig(t *testing.T) {
}
// create a config with both server and client verification
config, err = CreateConfig(certFile, keyFile, "", false, true, false)
config, err = CreateConfig(certFile, keyFile, "", false, true)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -103,7 +103,7 @@ func Test_CreateServerConfig(t *testing.T) {
keyFile := mustWriteTempFile(t, keyPEM)
// create a server config with no client verification
config, err := CreateServerConfig(certFile, keyFile, "", true, false)
config, err := CreateServerConfig(certFile, keyFile, "", true)
if err != nil {
t.Fatalf("failed to create server config: %v", err)
}
@ -130,7 +130,7 @@ func Test_CreateServerConfig(t *testing.T) {
}
// create a server config with client verification
config, err = CreateServerConfig(certFile, keyFile, "", false, false)
config, err = CreateServerConfig(certFile, keyFile, "", false)
if err != nil {
t.Fatalf("failed to create server config: %v", err)
}
@ -149,7 +149,7 @@ func Test_CreateClientConfig(t *testing.T) {
keyFile := mustWriteTempFile(t, keyPEM)
// create a client config with no server verification
config, err := CreateClientConfig(certFile, keyFile, "", true, false)
config, err := CreateClientConfig(certFile, keyFile, "", true)
if err != nil {
t.Fatalf("failed to create client config: %v", err)
}
@ -176,7 +176,7 @@ func Test_CreateClientConfig(t *testing.T) {
}
// create a client config with server verification
config, err = CreateClientConfig(certFile, keyFile, "", false, false)
config, err = CreateClientConfig(certFile, keyFile, "", false)
if err != nil {
t.Fatalf("failed to create client config: %v", err)
}
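Review bot: None of the visible hunks in these tests checks the minimum TLS version, and with the `tls1011` switch gone the TLS 1.2 floor is a fixed property of every config this package returns. An assertion such as `if config.MinVersion != tls.VersionTLS12 { t.Fatalf("unexpected MinVersion: %d", config.MinVersion) }` after each successful call (assuming `crypto/tls` is imported in the test file) would catch a later change that lowers it. The test bodies extend beyond the hunks shown, so such a check may already exist outside this view.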

@ -504,7 +504,7 @@ func Test_MultiNodeClusterBootstrapLaterJoinHTTPS(t *testing.T) {
node3.Store.BootstrapExpect = 3
defer node3.Deprovision()
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err)
}

@ -381,7 +381,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config
var err error
if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify, false)
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify)
if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err))
}

@ -57,7 +57,7 @@ func Test_DialerHeaderTLS(t *testing.T) {
defer os.Remove(key)
go s.Start(t)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err.Error())
}
@ -154,7 +154,7 @@ func mustNewEchoServerTLS() (*echoServer, string, string) {
cert := x509.CertFile("")
key := x509.KeyFile("")
tlsConfig, err := rtls.CreateServerConfig(cert, key, "", true, false)
tlsConfig, err := rtls.CreateServerConfig(cert, key, "", true)
if err != nil {
panic("failed to create TLS config")
}

@ -103,7 +103,7 @@ func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert string, insecure
return nil, err
}
mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, insecure, mutual, false)
mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, insecure, mutual)
if err != nil {
return nil, fmt.Errorf("cannot create TLS config: %s", err)
}
