From 551518be529a958200876711cb3ae841a657fe50 Mon Sep 17 00:00:00 2001 From: Philip O'Toole Date: Thu, 21 Dec 2023 09:41:50 -0500 Subject: [PATCH 1/3] Remove http-no-verify command-line flag It's been obsolete and ignored since 8.0 was released, because nodes now join using the Raft port. --- cmd/rqlited/flags.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cmd/rqlited/flags.go b/cmd/rqlited/flags.go index 1226f1bb..59155c40 100644 --- a/cmd/rqlited/flags.go +++ b/cmd/rqlited/flags.go @@ -69,9 +69,6 @@ type Config struct { // HTTPx509Key is the path to the private key for the HTTP server. May not be set. HTTPx509Key string `filepath:"true"` - // NoHTTPVerify disables checking other nodes' server HTTP X509 certs for validity. - NoHTTPVerify bool - // HTTPVerifyClient indicates whether the HTTP server should verify client certificates. HTTPVerifyClient bool @@ -432,7 +429,6 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) { flag.StringVar(&config.HTTPx509CACert, "http-ca-cert", "", "Path to X.509 CA certificate for HTTPS") flag.StringVar(&config.HTTPx509Cert, HTTPx509CertFlag, "", "Path to HTTPS X.509 certificate") flag.StringVar(&config.HTTPx509Key, HTTPx509KeyFlag, "", "Path to HTTPS X.509 private key") - flag.BoolVar(&config.NoHTTPVerify, "http-no-verify", false, "Skip verification of remote node's HTTPS certificate when joining a cluster") flag.BoolVar(&config.HTTPVerifyClient, "http-verify-client", false, "Enable mutual TLS for HTTPS") flag.StringVar(&config.NodeX509CACert, "node-ca-cert", "", "Path to X.509 CA certificate for node-to-node encryption") flag.StringVar(&config.NodeX509Cert, NodeX509CertFlag, "", "Path to X.509 certificate for node-to-node mutual authentication and encryption") From 06bb0d89b6718e5837f7f8e707a1c13fd5b160f3 Mon Sep 17 00:00:00 2001 From: Philip O'Toole Date: Thu, 21 Dec 2023 09:43:33 -0500 Subject: [PATCH 2/3] CHANGELOG --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d5f4aa74..84e290a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## 8.13.1 (unreleased) +### Implementation changes and bug fixes +- [PR #1510](https://github.com/rqlite/rqlite/pull/1510): Remove obsolete `-http-no-verify` command-line flag. + ## 8.13.0 (December 21st 2023) This release supports setting the _Server Name_ a node should expect in any certificate it receives from another node in the cluster. ### New features From f74ce18998bd19974dc93517a11ba69a325ca1ba Mon Sep 17 00:00:00 2001 From: Philip O'Toole Date: Thu, 21 Dec 2023 09:46:56 -0500 Subject: [PATCH 3/3] Correct help message related to joining --- cmd/rqlited/flags.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/rqlited/flags.go b/cmd/rqlited/flags.go index 59155c40..16f9f287 100644 --- a/cmd/rqlited/flags.go +++ b/cmd/rqlited/flags.go @@ -441,7 +441,7 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) { flag.StringVar(&config.AutoRestoreFile, "auto-restore", "", "Path to automatic restore configuration file. If not set, not enabled") flag.StringVar(&config.RaftAddr, RaftAddrFlag, "localhost:4002", "Raft communication bind address") flag.StringVar(&config.RaftAdv, RaftAdvAddrFlag, "", "Advertised Raft communication address. If not set, same as Raft bind address") - flag.StringVar(&config.JoinAddrs, "join", "", "Comma-delimited list of nodes, through which a cluster can be joined (proto://host:port)") + flag.StringVar(&config.JoinAddrs, "join", "", "Comma-delimited list of nodes, in host:port form, through which a cluster can be joined") flag.IntVar(&config.JoinAttempts, "join-attempts", 5, "Number of join attempts to make") flag.DurationVar(&config.JoinInterval, "join-interval", 3*time.Second, "Period between join attempts") flag.StringVar(&config.JoinAs, "join-as", "", "Username in authentication file to join as. If not set, joins anonymously")