mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-19 16:20:50 +00:00
Fix
This commit is contained in:
parent
187a717872
commit
8cdcc431fe
@ -226,6 +226,13 @@ namespace Crypto
|
|||||||
error:
|
error:
|
||||||
if (pFile)
|
if (pFile)
|
||||||
fclose(pFile);
|
fclose(pFile);
|
||||||
|
if (*ppKey)
|
||||||
|
{
|
||||||
|
if constexpr (std::is_same_v<K, EVP_PKEY>)
|
||||||
|
EVP_PKEY_free(*ppKey);
|
||||||
|
else
|
||||||
|
EC_KEY_free(*ppKey);
|
||||||
|
}
|
||||||
throw OpenSSLException("EVPKey::loadKey(string)");
|
throw OpenSSLException("EVPKey::loadKey(string)");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -287,6 +294,13 @@ namespace Crypto
|
|||||||
error:
|
error:
|
||||||
if (pBIO)
|
if (pBIO)
|
||||||
BIO_free(pBIO);
|
BIO_free(pBIO);
|
||||||
|
if (*ppKey)
|
||||||
|
{
|
||||||
|
if constexpr (std::is_same_v<K, EVP_PKEY>)
|
||||||
|
EVP_PKEY_free(*ppKey);
|
||||||
|
else
|
||||||
|
EC_KEY_free(*ppKey);
|
||||||
|
}
|
||||||
throw OpenSSLException("EVPKey::loadKey(stream)");
|
throw OpenSSLException("EVPKey::loadKey(stream)");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -125,9 +125,9 @@ void setSSLParams(nuraft::asio_service::options & asio_opts)
|
|||||||
disabled_protocols |= Poco::Net::Context::PROTO_TLSV1_2;
|
disabled_protocols |= Poco::Net::Context::PROTO_TLSV1_2;
|
||||||
}
|
}
|
||||||
|
|
||||||
asio_opts.ssl_context_provider_server_ = [ctx_params = params, certificate_data, disabled_protocols]
|
asio_opts.ssl_context_provider_server_ = [params, certificate_data, disabled_protocols]
|
||||||
{
|
{
|
||||||
Poco::Net::Context context(Poco::Net::Context::Usage::TLSV1_2_SERVER_USE, ctx_params);
|
Poco::Net::Context context(Poco::Net::Context::Usage::TLSV1_2_SERVER_USE, params);
|
||||||
context.disableProtocols(disabled_protocols);
|
context.disableProtocols(disabled_protocols);
|
||||||
SSL_CTX * ssl_ctx = context.takeSslContext();
|
SSL_CTX * ssl_ctx = context.takeSslContext();
|
||||||
SSL_CTX_set_cert_cb(ssl_ctx, callSetCertificate, reinterpret_cast<void *>(certificate_data.get()));
|
SSL_CTX_set_cert_cb(ssl_ctx, callSetCertificate, reinterpret_cast<void *>(certificate_data.get()));
|
||||||
|
@ -4093,7 +4093,7 @@ class ClickHouseInstance:
|
|||||||
exclusion_substring="",
|
exclusion_substring="",
|
||||||
):
|
):
|
||||||
if from_host:
|
if from_host:
|
||||||
# We check fist file exists but want to look for all rotated logs as well
|
# We check first file exists but want to look for all rotated logs as well
|
||||||
result = subprocess_check_call(
|
result = subprocess_check_call(
|
||||||
[
|
[
|
||||||
"bash",
|
"bash",
|
||||||
|
@ -161,21 +161,22 @@ def check_valid_configuration(filename, password):
|
|||||||
run_test()
|
run_test()
|
||||||
|
|
||||||
|
|
||||||
def test_secure_raft_works(started_cluster):
|
|
||||||
check_valid_configuration("WithoutPassPhrase", None)
|
|
||||||
|
|
||||||
|
|
||||||
def test_secure_raft_works_with_password(started_cluster):
|
|
||||||
def check_invalid_configuration(filename, password):
|
def check_invalid_configuration(filename, password):
|
||||||
stop_all_clickhouse()
|
stop_all_clickhouse()
|
||||||
for node in nodes:
|
for node in nodes:
|
||||||
setupSsl(node, filename, password)
|
setupSsl(node, filename, password)
|
||||||
|
|
||||||
nodes[0].start_clickhouse(expected_to_fail=True)
|
nodes[0].start_clickhouse(expected_to_fail=True)
|
||||||
nodes[0].contains_in_log(
|
nodes[0].wait_for_log_line(
|
||||||
"OpenSSLException: EVPKey::loadKey(string): error:0480006C:PEM routines::no start line"
|
"OpenSSLException: EVPKey::loadKey.*error:0480006C:PEM routines::no start line",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def test_secure_raft_works(started_cluster):
|
||||||
|
check_valid_configuration("WithoutPassPhrase", None)
|
||||||
|
|
||||||
|
|
||||||
|
def test_secure_raft_works_with_password(started_cluster):
|
||||||
check_valid_configuration("WithoutPassPhrase", "unusedpassword")
|
check_valid_configuration("WithoutPassPhrase", "unusedpassword")
|
||||||
check_invalid_configuration("WithPassPhrase", "wrongpassword")
|
check_invalid_configuration("WithPassPhrase", "wrongpassword")
|
||||||
check_invalid_configuration("WithPassPhrase", "")
|
check_invalid_configuration("WithPassPhrase", "")
|
||||||
|
Loading…
Reference in New Issue
Block a user