
Thread it through

master
Philip O'Toole 9 months ago
parent 54ec6c3d60
commit 6dc05a99df

@ -106,7 +106,7 @@ func mustNewTLSMux() (net.Listener, *tcp.Mux) {
key := x509.KeyFile("") key := x509.KeyFile("")
defer os.Remove(key) defer os.Remove(key)
mux, err := tcp.NewTLSMux(ln, nil, cert, key, "", true, false) mux, err := tcp.NewTLSMux(ln, nil, cert, key, "", "", true, false)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to create TLS mux: %s", err)) panic(fmt.Sprintf("failed to create TLS mux: %s", err))
} }
@ -118,7 +118,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config var tlsConfig *tls.Config
var err error var err error
if remoteEncrypted { if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify) tlsConfig, err = rtls.CreateClientConfig("", "", "", "", skipVerify)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err)) panic(fmt.Sprintf("failed to create client TLS config: %s", err))
} }

@ -42,6 +42,7 @@ type argT struct {
Prefix string `cli:"P,prefix" usage:"rqlited HTTP URL prefix" dft:"/"` Prefix string `cli:"P,prefix" usage:"rqlited HTTP URL prefix" dft:"/"`
Insecure bool `cli:"i,insecure" usage:"do not verify rqlited HTTPS certificate" dft:"false"` Insecure bool `cli:"i,insecure" usage:"do not verify rqlited HTTPS certificate" dft:"false"`
CACert string `cli:"c,ca-cert" usage:"path to trusted X.509 root CA certificate"` CACert string `cli:"c,ca-cert" usage:"path to trusted X.509 root CA certificate"`
ServerName string `cli:"n,verify-name" usage:"used to verify the hostname on the returned certificates"`
ClientCert string `cli:"d,client-cert" usage:"path to client X.509 certificate for mTLS"` ClientCert string `cli:"d,client-cert" usage:"path to client X.509 certificate for mTLS"`
ClientKey string `cli:"k,client-key" usage:"path to client X.509 key for mTLS"` ClientKey string `cli:"k,client-key" usage:"path to client X.509 key for mTLS"`
Credentials string `cli:"u,user" usage:"set basic auth credentials in form username:password"` Credentials string `cli:"u,user" usage:"set basic auth credentials in form username:password"`
@ -393,7 +394,7 @@ func getNodes(client *http.Client, argv *argT) (Nodes, error) {
} }
func getHTTPClient(argv *argT) (*http.Client, error) { func getHTTPClient(argv *argT) (*http.Client, error) {
tlsConfig, err := rtls.CreateClientConfig(argv.ClientCert, argv.ClientKey, argv.CACert, argv.Insecure) tlsConfig, err := rtls.CreateClientConfig(argv.ClientCert, argv.ClientKey, argv.CACert, argv.ServerName, argv.Insecure)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -449,7 +450,7 @@ func getVersionWithClient(client *http.Client, argv *argT) (string, error) {
func sendRequest(ctx *cli.Context, makeNewRequest func(string) (*http.Request, error), urlStr string, argv *argT) (*[]byte, error) { func sendRequest(ctx *cli.Context, makeNewRequest func(string) (*http.Request, error), urlStr string, argv *argT) (*[]byte, error) {
url := urlStr url := urlStr
tlsConfig, err := rtls.CreateClientConfig(argv.ClientCert, argv.ClientKey, argv.CACert, argv.Insecure) tlsConfig, err := rtls.CreateClientConfig(argv.ClientCert, argv.ClientKey, argv.CACert, argv.ServerName, argv.Insecure)
if err != nil { if err != nil {
return nil, err return nil, err
} }
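Review bot: sendRequest builds its own TLS config with the same five-argument rtls.CreateClientConfig call that getHTTPClient already makes, so this commit had to edit the identical line twice and any future option, or any fix to the argument order, must be applied in both places. Assuming the config is only used to construct an http.Client, as it is in getHTTPClient, the duplication can go by having sendRequest call `client, err := getHTTPClient(argv)` and dropping the inline construction. The rest of sendRequest is outside the hunk, so how tlsConfig is consumed is not visible here.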

@ -405,7 +405,7 @@ func startNodeMux(cfg *Config, ln net.Listener) (*tcp.Mux, error) {
} }
log.Println(b.String()) log.Println(b.String())
mux, err = tcp.NewTLSMux(ln, adv, cfg.NodeX509Cert, cfg.NodeX509Key, cfg.NodeX509CACert, mux, err = tcp.NewTLSMux(ln, adv, cfg.NodeX509Cert, cfg.NodeX509Key, cfg.NodeX509CACert,
cfg.NoNodeVerify, cfg.NodeVerifyClient) cfg.NodeVerifyClientName, cfg.NoNodeVerify, cfg.NodeVerifyClient)
} else { } else {
mux, err = tcp.NewMux(ln, adv) mux, err = tcp.NewMux(ln, adv)
} }
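Review bot: The listening-side mux is now handed `cfg.NodeVerifyClientName` as serverName, while the HTTP service at the comparable call site passes `""` to rtls.CreateServerConfig; it is not visible here what rtls.CreateConfig does with the value on a listener. If it only copies it into tls.Config.ServerName, Go ignores that field on the server side and the argument is effectively dead at this call; if it does something stricter, such as checking presented client certificates against the name, that behaviour deserves a comment at the call. I would add `// serverName is passed for symmetry with the cluster dialer; confirm CreateConfig honours it on a listening socket.` startNodeMux begins before the hunk.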
@ -439,7 +439,7 @@ func createClusterClient(cfg *Config, clstr *cluster.Service) (*cluster.Client,
var err error var err error
if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" { if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" {
dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key, dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key,
cfg.NodeX509CACert, cfg.NoNodeVerify) cfg.NodeVerifyClientName, cfg.NodeX509CACert, cfg.NoNodeVerify)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error()) return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error())
} }
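Review bot: The arguments to rtls.CreateClientConfig are in the wrong order on the new side of this hunk: `cfg.NodeVerifyClientName` is passed third and `cfg.NodeX509CACert` fourth, whereas every other updated call site (getHTTPClient, sendRequest, both mustNewDialer helpers) uses the order (cert, key, caCert, serverName, insecure). Both are strings, so this compiles, but the CA certificate path would be used as the expected server name and the verify name as a CA file path, and hostname verification of peer nodes would then fail or be checked against the wrong value. The line should read `cfg.NodeX509CACert, cfg.NodeVerifyClientName, cfg.NoNodeVerify)`. A test that dials with both a CA file and a verify name set would have caught the swap. createClusterClient begins and ends outside the hunk.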

@ -101,7 +101,7 @@ func Test_IsServingHTTP_OpenPortTLS(t *testing.T) {
} }
certFile := mustWriteTempFile(t, cert) certFile := mustWriteTempFile(t, cert)
keyFile := mustWriteTempFile(t, key) keyFile := mustWriteTempFile(t, key)
tlsConfig, err := rtls.CreateServerConfig(certFile, keyFile, "", false) tlsConfig, err := rtls.CreateServerConfig(certFile, keyFile, "", "", false)
if err != nil { if err != nil {
t.Fatalf("failed to create TLS config: %s", err) t.Fatalf("failed to create TLS config: %s", err)
} }

@ -370,7 +370,7 @@ func (s *Service) Start() error {
return err return err
} }
} else { } else {
s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, !s.ClientVerify) s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, "", !s.ClientVerify)
if err != nil { if err != nil {
return err return err
} }

@ -775,7 +775,7 @@ func mustNewOpenTLSMux(certFile, keyPath, addr string) *tcp.Mux {
} }
var mux *tcp.Mux var mux *tcp.Mux
mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "", true, false) mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "", "", true, false)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to create node-to-node mux: %s", err.Error())) panic(fmt.Sprintf("failed to create node-to-node mux: %s", err.Error()))
} }

@ -381,7 +381,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config var tlsConfig *tls.Config
var err error var err error
if remoteEncrypted { if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify) tlsConfig, err = rtls.CreateClientConfig("", "", "", "", skipVerify)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err)) panic(fmt.Sprintf("failed to create client TLS config: %s", err))
} }

@ -57,7 +57,7 @@ func Test_DialerHeaderTLS(t *testing.T) {
defer os.Remove(key) defer os.Remove(key)
go s.Start(t) go s.Start(t)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true) tlsConfig, err := rtls.CreateClientConfig("", "", "", "", true)
if err != nil { if err != nil {
t.Fatalf("failed to create TLS config: %s", err.Error()) t.Fatalf("failed to create TLS config: %s", err.Error())
} }
@ -154,7 +154,7 @@ func mustNewEchoServerTLS() (*echoServer, string, string) {
cert := x509.CertFile("") cert := x509.CertFile("")
key := x509.KeyFile("") key := x509.KeyFile("")
tlsConfig, err := rtls.CreateServerConfig(cert, key, "", true) tlsConfig, err := rtls.CreateServerConfig(cert, key, "", "", true)
if err != nil { if err != nil {
panic("failed to create TLS config") panic("failed to create TLS config")
} }

@ -97,13 +97,13 @@ func NewMux(ln net.Listener, adv net.Addr) (*Mux, error) {
// using TLS. If adv is nil, then the addr of ln is used. If insecure is true, // using TLS. If adv is nil, then the addr of ln is used. If insecure is true,
// then the server will not verify the client's certificate. If mutual is true, // then the server will not verify the client's certificate. If mutual is true,
// then the server will require the client to present a trusted certificate. // then the server will require the client to present a trusted certificate.
func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert string, insecure, mutual bool) (*Mux, error) { func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert, serverName string, insecure, mutual bool) (*Mux, error) {
mux, err := NewMux(ln, adv) mux, err := NewMux(ln, adv)
if err != nil { if err != nil {
return nil, err return nil, err
} }
mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, insecure, mutual) mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, serverName, insecure, mutual)
if err != nil { if err != nil {
return nil, fmt.Errorf("cannot create TLS config: %s", err) return nil, fmt.Errorf("cannot create TLS config: %s", err)
} }
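Review bot: The doc comment for NewTLSMux still describes insecure and mutual but says nothing about the new serverName parameter; the comment begins before the hunk. I would add a sentence such as `// serverName, if non-empty, is placed in the TLS config so that certificates presented by the remote end are checked against that name; an empty value keeps the default behaviour.` and adjust it to whatever rtls.CreateConfig actually does with the value, which is not visible here. NewTLSMux's body continues past the hunk.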

@ -176,7 +176,7 @@ func TestTLSMux(t *testing.T) {
key := x509.KeyFile("") key := x509.KeyFile("")
defer os.Remove(key) defer os.Remove(key)
mux, err := NewTLSMux(tcpListener, nil, cert, key, "", true, false) mux, err := NewTLSMux(tcpListener, nil, cert, key, "", "", true, false)
if err != nil { if err != nil {
t.Fatalf("failed to create mux: %s", err.Error()) t.Fatalf("failed to create mux: %s", err.Error())
} }
@ -199,7 +199,7 @@ func TestTLSMux(t *testing.T) {
func TestTLSMux_Fail(t *testing.T) { func TestTLSMux_Fail(t *testing.T) {
tcpListener := mustTCPListener("127.0.0.1:0") tcpListener := mustTCPListener("127.0.0.1:0")
defer tcpListener.Close() defer tcpListener.Close()
_, err := NewTLSMux(tcpListener, nil, "xxxx", "yyyy", "", true, false) _, err := NewTLSMux(tcpListener, nil, "xxxx", "yyyy", "", "", true, false)
if err == nil { if err == nil {
t.Fatalf("created mux unexpectedly with bad resources") t.Fatalf("created mux unexpectedly with bad resources")
} }
