Repository: cassandra-dtest Updated Branches: refs/heads/master c0f4dfdfc -> 9da3a2594
Fix error in pre-4.0 internode ssl tests due to CASSANDRA-10404 patch by jasobrown; reviewed by mkjellman for CASSANDRA-14075 Project: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/commit/9da3a259 Tree: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/tree/9da3a259 Diff: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/diff/9da3a259 Branch: refs/heads/master Commit: 9da3a2594bf75cbfd4852ee9b4b3e44c28ff618f Parents: c0f4dfd Author: Jason Brown <jasedbr...@gmail.com> Authored: Wed Nov 29 05:21:31 2017 -0800 Committer: Jason Brown <jasedbr...@gmail.com> Committed: Fri Dec 1 05:31:16 2017 -0800 ---------------------------------------------------------------------- sslnodetonode_test.py | 18 +++++++++++++----- tools/sslkeygen.py | 2 +- 2 files changed, 14 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra-dtest/blob/9da3a259/sslnodetonode_test.py ---------------------------------------------------------------------- diff --git a/sslnodetonode_test.py b/sslnodetonode_test.py index d498b0f..a82f411 100644 --- a/sslnodetonode_test.py +++ b/sslnodetonode_test.py @@ -116,8 +116,12 @@ class TestNodeToNodeSSLEncryption(Tester): self.cluster.stop() self.assertTrue(found) + @since('4.0') def optional_outbound_tls_test(self): - """listen on TLS port, but optionally connect using TLS. this supports the upgrade case of starting with a non-encrypted cluster and then upgrading each node to use encryption.""" + """listen on TLS port, but optionally connect using TLS. this supports the upgrade case of starting with a non-encrypted cluster and then upgrading each node to use encryption. + + @jira_ticket CASSANDRA-10404 + """ credNode1 = sslkeygen.generate_credentials("127.0.0.1") credNode2 = sslkeygen.generate_credentials("127.0.0.2", credNode1.cakeystore, credNode1.cacert) @@ -175,10 +179,7 @@ class TestNodeToNodeSSLEncryption(Tester): shutil.copyfile(credentials.keystore, kspath) shutil.copyfile(credentials.cakeystore, tspath) - node.set_configuration_options(values={ - 'server_encryption_options': { - 'enabled': encryption_enabled, - 'optional': encryption_optional, + server_enc_options = { 'internode_encryption': internode_encryption, 'keystore': kspath, 'keystore_password': 'cassandra', @@ -187,5 +188,12 @@ class TestNodeToNodeSSLEncryption(Tester): 'require_endpoint_verification': endpoint_verification, 'require_client_auth': client_auth, } + + if self.cluster.version() >= '4.0': + server_enc_options['enabled'] = encryption_enabled + server_enc_options['optional'] = encryption_optional + + node.set_configuration_options(values={ + 'server_encryption_options': server_enc_options }) http://git-wip-us.apache.org/repos/asf/cassandra-dtest/blob/9da3a259/tools/sslkeygen.py ---------------------------------------------------------------------- diff --git a/tools/sslkeygen.py b/tools/sslkeygen.py index ed90a83..cccad7e 100644 --- a/tools/sslkeygen.py +++ b/tools/sslkeygen.py @@ -71,7 +71,7 @@ def import_cert(dir, name, cert, keystore, opts=[]): def _exec_keytool(dir, keystore, opts): - args = ['keytool', '-keystore', keystore, '-storepass', 'cassandra'] + opts + args = ['keytool', '-keystore', keystore, '-storepass', 'cassandra', '-deststoretype', 'pkcs12'] + opts subprocess.check_call(args) return keystore --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org