TLS: relax verification on CONFIG SET. (#7665)

Avoid re-configuring (and validating) SSL/TLS configuration on `CONFIG
SET` when TLS is not actively enabled for incoming connections, cluster
bus or replication.

This fixes failures when tests run without `--tls` on binaries that were
built with TLS support.

An additional benefit is that it's now possible to perform a multi-step
configuration process while TLS is disabled. The new configuration will
be verified and applied only when TLS is effectively enabled.

(cherry picked from commit fb2a94af3fbb3f3cf8b26b8bd89387669cb111a1)
Yossi Gottlieb 2020-08-17 17:36:50 +03:00 committed by Oran Agra
parent 39ffc3702f
commit 2e7ad58918
2 changed files with 24 additions and 7 deletions


@ -85,12 +85,19 @@ jobs:
sudo apt-get install tcl8.5 tcl-tls sudo apt-get install tcl8.5 tcl-tls
./utils/gen-test-certs.sh ./utils/gen-test-certs.sh
./runtest --accurate --verbose --tls ./runtest --accurate --verbose --tls
./runtest --accurate --verbose
- name: module api test - name: module api test
run: ./runtest-moduleapi --verbose --tls run: |
./runtest-moduleapi --verbose --tls
./runtest-moduleapi --verbose
- name: sentinel tests - name: sentinel tests
run: ./runtest-sentinel --tls run: |
./runtest-sentinel --tls
./runtest-sentinel
- name: cluster tests - name: cluster tests
run: ./runtest-cluster --tls run: |
./runtest-cluster --tls
./runtest-cluster
test-valgrind: test-valgrind:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -147,10 +154,17 @@ jobs:
yum -y install tcl tcltls yum -y install tcl tcltls
./utils/gen-test-certs.sh ./utils/gen-test-certs.sh
./runtest --accurate --verbose --tls ./runtest --accurate --verbose --tls
./runtest --accurate --verbose
- name: module api test - name: module api test
run: ./runtest-moduleapi --verbose --tls run: |
./runtest-moduleapi --verbose --tls
./runtest-moduleapi --verbose
- name: sentinel tests - name: sentinel tests
run: ./runtest-sentinel --tls run: |
./runtest-sentinel --tls
./runtest-sentinel
- name: cluster tests - name: cluster tests
run: ./runtest-cluster --tls run: |
./runtest-cluster --tls
./runtest-cluster


@ -2077,7 +2077,10 @@ static int updateTlsCfg(char *val, char *prev, char **err) {
UNUSED(val); UNUSED(val);
UNUSED(prev); UNUSED(prev);
UNUSED(err); UNUSED(err);
if (tlsConfigure(&server.tls_ctx_config) == C_ERR) {
/* If TLS is enabled, try to configure OpenSSL. */
if ((server.tls_port || server.tls_replication || server.tls_cluster)
&& tlsConfigure(&server.tls_ctx_config) == C_ERR) {
*err = "Unable to update TLS configuration. Check server logs."; *err = "Unable to update TLS configuration. Check server logs.";
return 0; return 0;
} }
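Review bot: With the new guard in updateTlsCfg, a `CONFIG SET` of any tls-* value made while `server.tls_port`, `server.tls_replication` and `server.tls_cluster` are all off never reaches `tlsConfigure()`, so a wrong certificate path or cipher string appears to be accepted and the error surfaces only later. That is safe only if every path that turns one of those three settings on calls back into this function before TLS connections are accepted; those setters are not visible in this hunk, so this should be confirmed. I would extend the comment to state that contract, e.g. `/* While TLS is off, tls-* values are stored unvalidated; they are checked once tls-port, tls-replication or tls-cluster is enabled. */`. The `UNUSED(err);` line above the guard is also misleading, since `*err` is assigned in the failure branch. The function body continues past the end of the hunk.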