Fix

2024-09-19 16:20:50 +00:00 · 2024-09-16 09:56:31 +02:00 · 2024-09-16 09:56:31 +02:00 · 8cdcc431fe
commit 8cdcc431fe
parent 187a717872
5 changed files with 28 additions and 13 deletions
--- a/base/poco/Crypto/include/Poco/Crypto/EVPPKey.h
+++ b/base/poco/Crypto/include/Poco/Crypto/EVPPKey.h
@ -226,6 +226,13 @@ namespace Crypto
        error:
            if (pFile)
                fclose(pFile);
+            if (*ppKey)
+            {
+                if constexpr (std::is_same_v<K, EVP_PKEY>)
+                    EVP_PKEY_free(*ppKey);
+                else
+                    EC_KEY_free(*ppKey);
+            }
            throw OpenSSLException("EVPKey::loadKey(string)");
        }

@ -287,6 +294,13 @@ namespace Crypto
        error:
            if (pBIO)
                BIO_free(pBIO);
+            if (*ppKey)
+            {
+                if constexpr (std::is_same_v<K, EVP_PKEY>)
+                    EVP_PKEY_free(*ppKey);
+                else
+                    EC_KEY_free(*ppKey);
+            }
            throw OpenSSLException("EVPKey::loadKey(stream)");
        }

--- a/src/Coordination/KeeperServer.cpp
+++ b/src/Coordination/KeeperServer.cpp
@ -125,9 +125,9 @@ void setSSLParams(nuraft::asio_service::options & asio_opts)
            disabled_protocols |= Poco::Net::Context::PROTO_TLSV1_2;
    }

-    asio_opts.ssl_context_provider_server_ = [ctx_params = params, certificate_data, disabled_protocols]
+    asio_opts.ssl_context_provider_server_ = [params, certificate_data, disabled_protocols]
    {
-        Poco::Net::Context context(Poco::Net::Context::Usage::TLSV1_2_SERVER_USE, ctx_params);
+        Poco::Net::Context context(Poco::Net::Context::Usage::TLSV1_2_SERVER_USE, params);
        context.disableProtocols(disabled_protocols);
        SSL_CTX * ssl_ctx = context.takeSslContext();
        SSL_CTX_set_cert_cb(ssl_ctx, callSetCertificate, reinterpret_cast<void *>(certificate_data.get()));
--- a/tests/integration/helpers/cluster.py
+++ b/tests/integration/helpers/cluster.py
@ -4093,7 +4093,7 @@ class ClickHouseInstance:
        exclusion_substring="",
    ):
        if from_host:
-            # We check fist file exists but want to look for all rotated logs as well
+            # We check first file exists but want to look for all rotated logs as well
            result = subprocess_check_call(
                [
                    "bash",
--- a/tests/integration/test_keeper_internal_secure/ssl_conf.yml
+++ b/tests/integration/test_keeper_internal_secure/ssl_conf.yml
--- a/tests/integration/test_keeper_internal_secure/test.py
+++ b/tests/integration/test_keeper_internal_secure/test.py
@ -161,21 +161,22 @@ def check_valid_configuration(filename, password):
    run_test()


-def test_secure_raft_works(started_cluster):
-    check_valid_configuration("WithoutPassPhrase", None)
-
-
-def test_secure_raft_works_with_password(started_cluster):
 def check_invalid_configuration(filename, password):
    stop_all_clickhouse()
    for node in nodes:
        setupSsl(node, filename, password)

    nodes[0].start_clickhouse(expected_to_fail=True)
-        nodes[0].contains_in_log(
-            "OpenSSLException: EVPKey::loadKey(string): error:0480006C:PEM routines::no start line"
+    nodes[0].wait_for_log_line(
+        "OpenSSLException: EVPKey::loadKey.*error:0480006C:PEM routines::no start line",
    )

+
+def test_secure_raft_works(started_cluster):
+    check_valid_configuration("WithoutPassPhrase", None)
+
+
+def test_secure_raft_works_with_password(started_cluster):
    check_valid_configuration("WithoutPassPhrase", "unusedpassword")
    check_invalid_configuration("WithPassPhrase", "wrongpassword")
    check_invalid_configuration("WithPassPhrase", "")