diff --git a/src/common/ssl/SSLConfig.cpp b/src/common/ssl/SSLConfig.cpp index 5f39f26c5ac..b6623e54332 100644 --- a/src/common/ssl/SSLConfig.cpp +++ b/src/common/ssl/SSLConfig.cpp @@ -8,6 +8,7 @@ DEFINE_string(cert_path, "", "Path to cert pem."); DEFINE_string(key_path, "", "Path to cert key."); +DEFINE_string(password_path, "", "Path to password."); DEFINE_string(ca_path, "", "Path to trusted CA file."); DEFINE_bool(enable_ssl, false, "Whether to enable ssl."); DEFINE_bool(enable_graph_ssl, false, "Whether to enable ssl of graph server."); @@ -17,7 +18,7 @@ namespace nebula { std::shared_ptr sslContextConfig() { auto sslCfg = std::make_shared(); - sslCfg->addCertificate(FLAGS_cert_path, FLAGS_key_path, ""); + sslCfg->addCertificate(FLAGS_cert_path, FLAGS_key_path, FLAGS_password_path); sslCfg->isDefault = true; return sslCfg; } diff --git a/tests/cert/test.ca.password b/tests/cert/test.ca.password new file mode 100644 index 00000000000..60b7570cd13 --- /dev/null +++ b/tests/cert/test.ca.password @@ -0,0 +1 @@ +vesoft \ No newline at end of file diff --git a/tests/common/nebula_service.py b/tests/common/nebula_service.py index 13ec5690e4f..c13f494f99c 100644 --- a/tests/common/nebula_service.py +++ b/tests/common/nebula_service.py @@ -65,6 +65,8 @@ def _copy_nebula_conf(self): resources_dir) shutil.copy(self.src_dir + '/tests/cert/test.ca.pem', resources_dir) + shutil.copy(self.src_dir + '/tests/cert/test.ca.password', + resources_dir) shutil.copy(self.src_dir + '/tests/cert/test.derive.key', resources_dir) shutil.copy(self.src_dir + '/tests/cert/test.derive.crt', @@ -86,6 +88,7 @@ def _format_nebula_command(self, name, meta_port, ports, debug_log=True, ca_sign else: params.append('--cert_path=share/resources/test.ca.pem') params.append('--key_path=share/resources/test.ca.key') + params.append('--password_path=share/resources/test.ca.password') if name == 'graphd': params.append('--local_config=false') diff --git a/tests/nebula-test-run.py b/tests/nebula-test-run.py index 0399a3b2139..d2f7eabeac1 100755 --- a/tests/nebula-test-run.py +++ b/tests/nebula-test-run.py @@ -54,19 +54,19 @@ def init_parser(): help='Print verbose debug logs') opt_parser.add_option('--enable_ssl', dest='enable_ssl', - default=False, + default='false', help='Whether enable SSL for cluster.') opt_parser.add_option('--enable_graph_ssl', dest='enable_graph_ssl', - default=False, + default='false', help='Whether enable SSL for graph server.') opt_parser.add_option('--enable_meta_ssl', dest='enable_meta_ssl', - default=False, + default='false', help='Whether enable SSL for meta server.') opt_parser.add_option('--ca_signed', dest='ca_signed', - default=False, + default='false', help='Whether enable CA signed SSL/TLS mode.') return opt_parser @@ -86,7 +86,11 @@ def start_nebula(nb, configs): nb.install() address = "localhost" debug = opt_is(configs.debug, "true") - ports = nb.start(debug_log=debug, multi_graphd=configs.multi_graphd, enable_ssl=configs.enable_ssl, enable_graph_ssl=configs.enable_graph_ssl, enable_meta_ssl=configs.enable_meta_ssl, ca_signed=configs.ca_signed) + enable_ssl = opt_is(configs.enable_ssl, "true") + enable_meta_ssl = opt_is(configs.enable_meta_ssl, "true") + enable_graph_ssl = opt_is(configs.enable_graph_ssl, "true") + ca_signed = opt_is(configs.ca_signed, "true") + ports = nb.start(debug_log=debug, multi_graphd=configs.multi_graphd, enable_ssl=enable_ssl, enable_graph_ssl=enable_graph_ssl, enable_meta_ssl=enable_meta_ssl, ca_signed=ca_signed) # Load csv data pool = get_conn_pool(address, ports[0])