Antonio Andelic 2024-09-16 09:56:31 +02:00
parent 187a717872
commit 8cdcc431fe
5 changed files with 28 additions and 13 deletions


@ -226,6 +226,13 @@ namespace Crypto
error: error:
if (pFile) if (pFile)
fclose(pFile); fclose(pFile);
if (*ppKey)
{
if constexpr (std::is_same_v<K, EVP_PKEY>)
EVP_PKEY_free(*ppKey);
else
EC_KEY_free(*ppKey);
}
throw OpenSSLException("EVPKey::loadKey(string)"); throw OpenSSLException("EVPKey::loadKey(string)");
} }
@ -287,6 +294,13 @@ namespace Crypto
error: error:
if (pBIO) if (pBIO)
BIO_free(pBIO); BIO_free(pBIO);
if (*ppKey)
{
if constexpr (std::is_same_v<K, EVP_PKEY>)
EVP_PKEY_free(*ppKey);
else
EC_KEY_free(*ppKey);
}
throw OpenSSLException("EVPKey::loadKey(stream)"); throw OpenSSLException("EVPKey::loadKey(stream)");
} }
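Review bot: The cleanup added at the `error:` label frees `*ppKey` but leaves the freed address in the caller's pointer, in both the `loadKey(string)` and `loadKey(stream)` hunks. The callers are not visible here, so this is hedged: if any owner destructor or exception handler later frees or reads that pointer, the result is a double free or use-after-free of key material. Adding `*ppKey = nullptr;` right after the free closes that off. The `if (*ppKey)` guard is not needed, because `EVP_PKEY_free` and `EC_KEY_free` both accept a null pointer, and the two identical blocks could share one small helper. Both function bodies begin outside the hunks.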


@ -125,9 +125,9 @@ void setSSLParams(nuraft::asio_service::options & asio_opts)
disabled_protocols |= Poco::Net::Context::PROTO_TLSV1_2; disabled_protocols |= Poco::Net::Context::PROTO_TLSV1_2;
} }
asio_opts.ssl_context_provider_server_ = [ctx_params = params, certificate_data, disabled_protocols] asio_opts.ssl_context_provider_server_ = [params, certificate_data, disabled_protocols]
{ {
Poco::Net::Context context(Poco::Net::Context::Usage::TLSV1_2_SERVER_USE, ctx_params); Poco::Net::Context context(Poco::Net::Context::Usage::TLSV1_2_SERVER_USE, params);
context.disableProtocols(disabled_protocols); context.disableProtocols(disabled_protocols);
SSL_CTX * ssl_ctx = context.takeSslContext(); SSL_CTX * ssl_ctx = context.takeSslContext();
SSL_CTX_set_cert_cb(ssl_ctx, callSetCertificate, reinterpret_cast<void *>(certificate_data.get())); SSL_CTX_set_cert_cb(ssl_ctx, callSetCertificate, reinterpret_cast<void *>(certificate_data.get()));


@ -4093,7 +4093,7 @@ class ClickHouseInstance:
exclusion_substring="", exclusion_substring="",
): ):
if from_host: if from_host:
# We check fist file exists but want to look for all rotated logs as well # We check first file exists but want to look for all rotated logs as well
result = subprocess_check_call( result = subprocess_check_call(
[ [
"bash", "bash",


@ -161,21 +161,22 @@ def check_valid_configuration(filename, password):
run_test() run_test()
def test_secure_raft_works(started_cluster): def check_invalid_configuration(filename, password):
check_valid_configuration("WithoutPassPhrase", None)
def test_secure_raft_works_with_password(started_cluster):
def check_invalid_configuration(filename, password):
stop_all_clickhouse() stop_all_clickhouse()
for node in nodes: for node in nodes:
setupSsl(node, filename, password) setupSsl(node, filename, password)
nodes[0].start_clickhouse(expected_to_fail=True) nodes[0].start_clickhouse(expected_to_fail=True)
nodes[0].contains_in_log( nodes[0].wait_for_log_line(
"OpenSSLException: EVPKey::loadKey(string): error:0480006C:PEM routines::no start line" "OpenSSLException: EVPKey::loadKey.*error:0480006C:PEM routines::no start line",
) )
def test_secure_raft_works(started_cluster):
check_valid_configuration("WithoutPassPhrase", None)
def test_secure_raft_works_with_password(started_cluster):
check_valid_configuration("WithoutPassPhrase", "unusedpassword") check_valid_configuration("WithoutPassPhrase", "unusedpassword")
check_invalid_configuration("WithPassPhrase", "wrongpassword") check_invalid_configuration("WithPassPhrase", "wrongpassword")
check_invalid_configuration("WithPassPhrase", "") check_invalid_configuration("WithPassPhrase", "")
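Review bot: The two consecutive `check_invalid_configuration` calls at the end of `test_secure_raft_works_with_password` wait for the same pattern in the log of `nodes[0]`, so the second one may pass on a stale line. The implementation of `wait_for_log_line` is not shown here; if it also scans lines already in the log, the line left by the `"wrongpassword"` run satisfies the wait for the `""` run, and the empty-passphrase rejection goes unverified. Clearing or rotating the server log at the top of `check_invalid_configuration`, before `start_clickhouse(expected_to_fail=True)`, would tie each match to its own start attempt. The argument is now a regular expression, so a comment such as `# regex: matches both loadKey(string) and loadKey(stream)` above it would record why the literal `(string)` was replaced with `.*`.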