From cb66a63aa4a5b4b3a9d55b0d041b755330dc7a17 Mon Sep 17 00:00:00 2001
From: Vitaly Baranov <vitbar@yandex-team.ru>
Date: Sat, 19 Feb 2022 03:58:58 +0700
Subject: [PATCH] Rename header and config setting for consistency.

---
 src/Access/UsersConfigAccessStorage.cpp                   | 2 +-
 src/Server/HTTPHandler.cpp                                | 2 +-
 .../configs/users_with_ssl_auth.xml                       | 8 ++++----
 tests/integration/test_ssl_cert_authentication/test.py    | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Access/UsersConfigAccessStorage.cpp b/src/Access/UsersConfigAccessStorage.cpp
index fd10150623b..a06ceabd808 100644
--- a/src/Access/UsersConfigAccessStorage.cpp
+++ b/src/Access/UsersConfigAccessStorage.cpp
@@ -62,7 +62,7 @@ namespace
         bool has_ldap = config.has(user_config + ".ldap");
         bool has_kerberos = config.has(user_config + ".kerberos");
 
-        const auto certificates_config = user_config + ".certificates";
+        const auto certificates_config = user_config + ".ssl_certificates";
         bool has_certificates = config.has(certificates_config);
 
         size_t num_password_fields = has_no_password + has_password_plaintext + has_password_sha256_hex + has_password_double_sha1_hex + has_ldap + has_kerberos + has_certificates;
diff --git a/src/Server/HTTPHandler.cpp b/src/Server/HTTPHandler.cpp
index 1b8afd938ec..bae879066ad 100644
--- a/src/Server/HTTPHandler.cpp
+++ b/src/Server/HTTPHandler.cpp
@@ -330,7 +330,7 @@ bool HTTPHandler::authenticateUser(
 
     /// The header 'X-ClickHouse-SSL-Certificate-Auth: on' enables checking the common name
     /// extracted from the SSL certificate used for this connection instead of checking password.
-    bool has_ssl_certificate_auth = (request.get("X-ClickHouse-X509Authentication", "") == "yes");
+    bool has_ssl_certificate_auth = (request.get("X-ClickHouse-SSL-Certificate-Auth", "") == "on");
     bool has_auth_headers = !user.empty() || !password.empty() || !quota_key.empty() || has_ssl_certificate_auth;
 
     /// User name and password can be passed using HTTP Basic auth or query parameters
diff --git a/tests/integration/test_ssl_cert_authentication/configs/users_with_ssl_auth.xml b/tests/integration/test_ssl_cert_authentication/configs/users_with_ssl_auth.xml
index 700759dcd34..c41776f9e78 100644
--- a/tests/integration/test_ssl_cert_authentication/configs/users_with_ssl_auth.xml
+++ b/tests/integration/test_ssl_cert_authentication/configs/users_with_ssl_auth.xml
@@ -2,15 +2,15 @@
 <clickhouse>
     <users>
         <john>
-            <certificates>
+            <ssl_certificates>
                 <common_name>client1</common_name>
-            </certificates>
+            </ssl_certificates>
         </john>
         <lucy>
-            <certificates>
+            <ssl_certificates>
                 <common_name>client2</common_name>
                 <common_name>client3</common_name>
-            </certificates>
+            </ssl_certificates>
         </lucy>
         <peter>
             <no_password/>
diff --git a/tests/integration/test_ssl_cert_authentication/test.py b/tests/integration/test_ssl_cert_authentication/test.py
index bdc7310a6b0..eceb4d10ae5 100644
--- a/tests/integration/test_ssl_cert_authentication/test.py
+++ b/tests/integration/test_ssl_cert_authentication/test.py
@@ -40,7 +40,7 @@ def execute_query_https(query, user, enable_ssl_auth=True, cert_name=None, passw
     request = urllib.request.Request(url)
     request.add_header('X-ClickHouse-User', user)
     if enable_ssl_auth:
-        request.add_header('X-ClickHouse-X509Authentication', 'yes')
+        request.add_header('X-ClickHouse-SSL-Certificate-Auth', 'on')
     if password:
         request.add_header('X-ClickHouse-Key', password)
     response = urllib.request.urlopen(request, context=get_ssl_context(cert_name)).read()