Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

explicitly fail when ssl setup fails in socket_init #4402

Open
wants to merge 1 commit into
base: devel
Choose a base branch
from
Open

explicitly fail when ssl setup fails in socket_init #4402

wants to merge 1 commit into from

Conversation

jiankyu
Copy link

@jiankyu jiankyu commented Aug 23, 2024

Currently in socket_init(), it doesn't check the ret code on ssl_setup_connection_params() call. the initialization appears successful but the transport is not usable, ssl handshake all fails.

There are many failure scenarios like cert/key/ca file absence, or cert/key mismatch, that cause the ssl setup failing.

It's better to fail the initialization explicitly so that we can discover the problem much earlier. There are so many
@jiankyu
explicitly fail when ssl setup fails in socket_init
0122321 
Currently in socket_init(), it doesn't check the ret code on
ssl_setup_connection_params() call. the initialization appears
successful but the transport is not usable, ssl handshake all fails.

There are many failure scenarios like cert/key/ca file absence, or
cert/key mismatch, that cause the ssl setup failing.

It's better to fail the initialization explicitly so that we can
discover the problem much earlier. There are so many

Signed-off-by: Jiankun Yu <jiankyu@ebay.com>
@gluster-ant
Copy link
Collaborator

Can one of the admins verify this patch?
2 similar comments
@gluster-ant
Copy link
Collaborator

Can one of the admins verify this patch?
@gluster-ant
Copy link
Collaborator

Can one of the admins verify this patch?
@gluster-ant
Copy link
Collaborator

CLANG-FORMAT FAILURE:
Before merging the patch, this diff needs to be considered for passing clang-format

index d43589ea6..97599e24b 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -56,7 +56,8 @@
 #if !defined(DEFAULT_VERIFY_DEPTH)
 #define DEFAULT_VERIFY_DEPTH 1
 #endif
-#define DEFAULT_CIPHER_LIST "AES128:EECDH:EDH:HIGH:!3DES:!RC4:!DES:!MD5:!aNULL:!eNULL"
+#define DEFAULT_CIPHER_LIST                                                    \
+    "AES128:EECDH:EDH:HIGH:!3DES:!RC4:!DES:!MD5:!aNULL:!eNULL"
 #define DEFAULT_DH_PARAM SSL_CERT_PATH "/dhparam.pem"
 #define DEFAULT_EC_CURVE "prime256v1"
@mohit84
Copy link
Contributor

mohit84 commented Aug 23, 2024

/run regression
@jiankyu
Copy link
Author

jiankyu commented Aug 23, 2024

Hi, @mohit84 Some of the regression tests are failing and I didn't figure out how they are triggered on github. Could you enlighten me about the github checks and tests? I might submit PRs in the future for minor improvements/bugfixes.
Thanks!
@mohit84
Copy link
Contributor

mohit84 commented Aug 26, 2024

Hi, @mohit84 Some of the regression tests are failing and I didn't figure out how they are triggered on github. Could you enlighten me about the github checks and tests? I might submit PRs in the future for minor improvements/bugfixes. Thanks!

The failed test cases are not mandatory so we can ignore them.
@mohit84
Copy link
Contributor

mohit84 commented Aug 26, 2024

recheck smoke
@mohit84
Copy link
Contributor

mohit84 commented Aug 26, 2024

/recheck smoke
@gluster-ant
Copy link
Collaborator

CLANG-FORMAT FAILURE:
Before merging the patch, this diff needs to be considered for passing clang-format

index d43589ea6..97599e24b 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -56,7 +56,8 @@
 #if !defined(DEFAULT_VERIFY_DEPTH)
 #define DEFAULT_VERIFY_DEPTH 1
 #endif
-#define DEFAULT_CIPHER_LIST "AES128:EECDH:EDH:HIGH:!3DES:!RC4:!DES:!MD5:!aNULL:!eNULL"
+#define DEFAULT_CIPHER_LIST                                                    \
+    "AES128:EECDH:EDH:HIGH:!3DES:!RC4:!DES:!MD5:!aNULL:!eNULL"
 #define DEFAULT_DH_PARAM SSL_CERT_PATH "/dhparam.pem"
 #define DEFAULT_EC_CURVE "prime256v1"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
3 participants
@jiankyu @gluster-ant @mohit84