Test client-server ssl

2024-11-24 08:32:02 +00:00 · 2018-03-13 22:49:21 +03:00 · 2018-03-13 22:49:21 +03:00 · 13879f7491
commit 13879f7491
parent eb03e63ab2
5 changed files with 40 additions and 7 deletions
--- a/dbms/src/Server/Server.cpp
+++ b/dbms/src/Server/Server.cpp
@ -387,7 +387,7 @@ int Server::main(const std::vector<std::string> & /*args*/)
                    http_socket.setSendTimeout(settings.http_send_timeout);

                    servers.emplace_back(new Poco::Net::HTTPServer(
-                        new HTTPHandlerFactory(*this, "HTTPHandler-factory"),
+                        new HTTPHandlerFactory(*this, "HTTPSHandler-factory"),
                        server_pool,
                        http_socket,
                        http_params));
@ -425,7 +425,7 @@ int Server::main(const std::vector<std::string> & /*args*/)
                    tcp_socket.setReceiveTimeout(settings.receive_timeout);
                    tcp_socket.setSendTimeout(settings.send_timeout);
                    servers.emplace_back(new Poco::Net::TCPServer(
-                        new TCPHandlerFactory(*this),
+                        new TCPHandlerFactory(*this, /* secure= */ true ),
                                                                  server_pool,
                                                                  tcp_socket,
                                                                  new Poco::Net::TCPServerParams));
--- a/dbms/src/Server/TCPHandlerFactory.h
+++ b/dbms/src/Server/TCPHandlerFactory.h
@ -17,9 +17,9 @@ private:
    Poco::Logger * log;

 public:
-    explicit TCPHandlerFactory(IServer & server_)
+    explicit TCPHandlerFactory(IServer & server_, bool secure_ = false)
        : server(server_)
-        , log(&Logger::get("TCPHandlerFactory"))
+        , log(&Logger::get("TCP" + (secure_ ? "S" : "") + "HandlerFactory"))
    {
    }

--- a/dbms/tests/clickhouse-test-server
+++ b/dbms/tests/clickhouse-test-server
@ -22,8 +22,10 @@ export CLICKHOUSE_CONFIG=${CLICKHOUSE_CONFIG:=${CONFIG_SERVER_DIR}server-test.xm
 [ ! -d "$QUERIES_DIR" ] && QUERIES_DIR=${QUERIES_DIR=/usr/share/clickhouse-test/queries}

 rm -rf $DATA_DIR
-mkdir -p $LOG_DIR
+mkdir -p $LOG_DIR $DATA_DIR

+openssl dhparam -out `clickhouse-extract-from-config --config=$CLICKHOUSE_CONFIG  --key=openSSL.server.dhParamsFile` 256
+openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout `clickhouse-extract-from-config --config=$CLICKHOUSE_CONFIG  --key=openSSL.server.privateKeyFile` -out `clickhouse-extract-from-config --config=$CLICKHOUSE_CONFIG  --key=openSSL.server.certificateFile`

 # Start a local clickhouse server which will be used to run tests
 #PATH=$PATH:$BIN_DIR \
@ -31,6 +33,8 @@ ${BIN_DIR}clickhouse-server --config-file=${CLICKHOUSE_CONFIG} > $LOG_DIR/stdout
 CH_PID=$!
 sleep 3

+tail -n50 $LOG_DIR/*
+
 # Define needed stuff to kill test clickhouse server after tests completion
 function finish {
  kill $CH_PID || true
@ -38,7 +42,7 @@ function finish {
  tail -n 50 $LOG_DIR/stdout
  rm -rf $DATA_DIR
 }
-trap finish EXIT
+trap finish EXIT SIGINT SIGQUIT SIGTERM

 # Do tests
 if [ -n "$*" ]; then
--- a/dbms/tests/client-test.xml
+++ b/dbms/tests/client-test.xml
@ -1,4 +1,5 @@
 <!-- Config for connecting to test server -->
 <yandex>
    <tcp_port>59000</tcp_port>
+    <tcp_ssl_port>59440</tcp_ssl_port>
 </yandex>
--- a/dbms/tests/server-test.xml
+++ b/dbms/tests/server-test.xml
@ -13,8 +13,36 @@
    <listen_try>1</listen_try>
    <http_port>58123</http_port>
    <tcp_port>59000</tcp_port>
-    <listen_host>0.0.0.0</listen_host>
+    <https_port>58443</https_port>
+    <tcp_ssl_port>59440</tcp_ssl_port>
    <interserver_http_port>59009</interserver_http_port>
+    <openSSL>
+        <server> <!-- Used for https server AND secure tcp port -->
+            <!-- openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt -->
+            <certificateFile>/tmp/clickhouse/server.crt</certificateFile>
+            <privateKeyFile>/tmp/clickhouse/server.key</privateKeyFile>
+            <!-- openssl dhparam -out /etc/clickhouse-server/dhparam.pem 4096 -->
+            <dhParamsFile>/tmp/clickhouse/dhparam.pem</dhParamsFile>
+            <verificationMode>none</verificationMode>
+            <loadDefaultCAFile>true</loadDefaultCAFile>
+            <cacheSessions>true</cacheSessions>
+            <disableProtocols>sslv2,sslv3</disableProtocols>
+            <preferServerCiphers>true</preferServerCiphers>
+        </server>
+
+        <client> <!-- Used for connecting to https dictionary source -->
+            <loadDefaultCAFile>true</loadDefaultCAFile>
+            <cacheSessions>true</cacheSessions>
+            <disableProtocols>sslv2,sslv3</disableProtocols>
+            <preferServerCiphers>true</preferServerCiphers>
+            <!-- Use for self-signed: <verificationMode>none</verificationMode> -->
+            <invalidCertificateHandler>
+                <!-- Use for self-signed: <name>AcceptCertificateHandler</name> -->
+                <name>RejectCertificateHandler</name>
+            </invalidCertificateHandler>
+        </client>
+    </openSSL>
+
    <keep_alive_timeout>3</keep_alive_timeout>
    <path>/tmp/clickhouse/data/</path>
    <tmp_path>/tmp/clickhouse/tmp/</tmp_path>