[#376] Fix tls/errors subtest failure due to certificate verification failures showing up after tls handshake in TLS 1.3

In the tls/errors subtest, the "TEST CASE 5" section tests that expired certificates issue appropriate errors. This test fails with an assert failure in the source server.

    %YDB-F-ASSERT, Assert failed in sr_port/repl_comm.c line 352 for expression (FALSE)

Below is the C-stack of the source server at the time of the failure.

    #4 rts_error_va () at sr_unix/rts_error.c:194
    #5 rts_error_csa () at sr_unix/rts_error.c:103
    #6 repl_recv () at sr_port/repl_comm.c:352
    #7 gtmsource_recv_ctl () at sr_unix/gtmsource_process.c:438
    #8 gtmsource_process () at sr_unix/gtmsource_process.c:1488
    #9 gtmsource () at sr_unix/gtmsource.c:528

The source server fails a SSL_read() call after the initial handshake due to an expired certificate. In TLS 1.2 and before, the initial handshake used to detect the expired certificate. That used to happen in the function repl_do_tls_handshake() and if a failure is detected there, the function gtmsource_exchange_tls_info() used to fall back to plaintext mode of replication thereby keeping the source server alive.

But with TLS 1.3, if the failing assert in repl_comm.c line 352 is removed, a TLSIOERROR error would be issued and the source server would still terminate with an error instead of falling back to plaintext mode. This is because the TLS error was detected after the initial handshake and the replication code was not written to handle plaintext fallback after the initial handshake.

With TLS 1.3, the initial handshake has been cut down a lot and so I guess the certificate expiry case cannot be made to issue an error as part of the initial handshake by using any controls in the SSL* functions. Therefore, handling plaintext fallback in case of TLS errors after the initial handshake effectively becomes a necessity with TLS 1.3.

Towards this, repl_recv() and repl_send() have been enhanced to return with a status of ERR_TLSIOERROR when repl_errno is set to EREPL_RECV and EREPL_SEND respectively.

And all places that check for EREPL_RECV and/or EREPL_SEND have been enhanced to handle the new ERR_TLSIOERROR status code by invoking new macros GTMSOURCE_HANDLE_TLSIOERROR or GTMRECV_HANDLE_TLSIOERROR depending on whether the caller is the source or receiver server respectively. These macros take care of checking if plaintext fallback was specified at the source/receiver server startup and if so do the plaintext fallback without terminating the server (but issuing a warning-type YDB-W-TLSIOERROR message). If no fallback was specified, an error-type YDB-E-TLSIOERROR message is issued and the server terminates.
Showing 8 changed files with 283 additions and 107 deletions.