set_verify_peers throws an error instead of returning a value

Evan Tschannen 2020-02-26 16:06:16 -08:00
parent 2586bade68
commit d1598e7c99
4 changed files with 7 additions and 10 deletions


@ -930,11 +930,7 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional<StringRef> valu
validateOptionValue(value, true);
initTLSPolicy();
#ifndef TLS_DISABLED
if (!tlsPolicy->set_verify_peers({ value.get().toString() })) {
TraceEvent(SevWarnAlways, "TLSValidationSetError")
.detail("Input", value.get().toString() );
throw invalid_option_value();
}
tlsPolicy->set_verify_peers({ value.get().toString() });
#endif
break;
case FDBNetworkOptions::CLIENT_BUGGIFY_ENABLE:
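Review bot: With the return-value check removed, a malformed verify-peers value now leaves setNetworkOption as whatever set_verify_peers throws (tls_error in this commit) instead of invalid_option_value, and the TLSValidationSetError trace carrying the offending input is gone. Callers that handle option failures by error code may stop recognising this one; whether any do is not visible here. If the previous contract should hold, translate at the call site: `try { tlsPolicy->set_verify_peers({ value.get().toString() }); } catch (Error&) { throw invalid_option_value(); }`. The switch this case belongs to starts and ends outside the hunk.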


@ -1553,7 +1553,9 @@ int main(int argc, char* argv[]) {
} else {
#ifndef TLS_DISABLED
if ( tlsVerifyPeers.size() ) {
if (!tlsPolicy->set_verify_peers( tlsVerifyPeers )) {
try {
tlsPolicy->set_verify_peers( tlsVerifyPeers );
} catch( Error &e ) {
fprintf(stderr, "ERROR: The format of the --tls_verify_peers option is incorrect.\n");
printHelpTeaser(argv[0]);
flushAndExit(FDB_EXIT_ERROR);
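Review bot: The new `catch( Error &e )` reports every Error as a format problem with --tls_verify_peers and never uses `e`. Including the error text, e.g. `fprintf(stderr, "ERROR: The format of the --tls_verify_peers option is incorrect (%s).\n", e.what());`, keeps the message accurate if set_verify_peers ever throws for a different reason. Exiting rather than starting with a rejected peer-verification rule is the safe behaviour and should stay as is. The if/else this handler sits in closes outside the hunk.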


@ -215,7 +215,7 @@ static X509Location locationForNID(NID nid) {
}
}
bool TLSPolicy::set_verify_peers(std::vector<std::string> verify_peers) {
void TLSPolicy::set_verify_peers(std::vector<std::string> verify_peers) {
for (int i = 0; i < verify_peers.size(); i++) {
try {
std::string& verifyString = verify_peers[i];
@ -235,10 +235,9 @@ bool TLSPolicy::set_verify_peers(std::vector<std::string> verify_peers) {
rules.clear();
std::string& verifyString = verify_peers[i];
TraceEvent(SevError, "FDBLibTLSVerifyPeersParseError").detail("Config", verifyString);
return false;
throw tls_error();
}
}
return true;
}
TLSPolicy::Rule::Rule(std::string input) {
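Review bot: `throw tls_error();` in the second hunk runs after `rules.clear()`, so a caller that catches the error and carries on is left with a policy holding no verify rules; what verify_peer does with an empty rule set is not shown here and should be confirmed not to relax peer checks. Consider parsing into a local container and assigning it to `rules` only after every entry has parsed, so a failed call leaves the previous rules in place. At minimum the new contract needs a comment on the definition, e.g. `// Throws tls_error if any entry fails to parse; rules is cleared in that case.` The loop body between the two hunks is outside the view.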


@ -89,7 +89,7 @@ public:
#ifndef TLS_DISABLED
static std::string ErrorString(boost::system::error_code e);
bool set_verify_peers(std::vector<std::string> verify_peers);
void set_verify_peers(std::vector<std::string> verify_peers);
bool verify_peer(bool preverified, X509_STORE_CTX* store_ctx);
std::string toString() const;