From 8667be86615a253271ea181629d6a16b55f6c4a0 Mon Sep 17 00:00:00 2001 From: "R.I.Pienaar" Date: Fri, 9 Aug 2024 11:06:54 +0300 Subject: [PATCH] Move tls handshake errors to debug Signed-off-by: R.I.Pienaar --- server/client.go | 4 +- server/leafnode_test.go | 79 ++++++++++++++++++++++++---------------- server/routes_test.go | 6 ++- test/cluster_tls_test.go | 4 +- 4 files changed, 56 insertions(+), 37 deletions(-) diff --git a/server/client.go b/server/client.go index 0d3761b1ed9..a52dbfa1d41 100644 --- a/server/client.go +++ b/server/client.go @@ -5910,9 +5910,9 @@ func (c *client) doTLSHandshake(typ string, solicit bool, url *url.URL, tlsConfi if err != nil { if kind == CLIENT { - c.Errorf("TLS handshake error: %v", err) + c.Debugf("TLS handshake error: %v", err) } else { - c.Errorf("TLS %s handshake error: %v", typ, err) + c.Debugf("TLS %s handshake error: %v", typ, err) } c.closeConnection(TLSHandshakeError) diff --git a/server/leafnode_test.go b/server/leafnode_test.go index 3207ba2fc33..c41b56e2123 100644 --- a/server/leafnode_test.go +++ b/server/leafnode_test.go @@ -34,7 +34,7 @@ import ( "github.com/nats-io/nkeys" "github.com/klauspost/compress/s2" - jwt "github.com/nats-io/jwt/v2" + "github.com/nats-io/jwt/v2" "github.com/nats-io/nats.go" "github.com/nats-io/nats-server/v2/internal/testhelper" @@ -337,12 +337,32 @@ func TestLeafNodeTLSRemoteWithNoCerts(t *testing.T) { type captureErrorLogger struct { DummyLogger - errCh chan string + filter func(string) bool + errCh chan string } func (l *captureErrorLogger) Errorf(format string, v ...any) { + msg := fmt.Sprintf(format, v...) + + if l.filter != nil && !l.filter(msg) { + return + } + select { - case l.errCh <- fmt.Sprintf(format, v...): + case l.errCh <- msg: + default: + } +} + +func (l *captureErrorLogger) Debugf(format string, v ...any) { + msg := fmt.Sprintf(format, v...) + + if l.filter != nil && !l.filter(msg) { + return + } + + select { + case l.errCh <- msg: default: } } @@ -2623,8 +2643,15 @@ func TestLeafNodeTLSConfigReload(t *testing.T) { srvA, optsA := RunServerWithConfig(confA) defer srvA.Shutdown() - lg := &captureErrorLogger{errCh: make(chan string, 10)} - srvA.SetLogger(lg, false, false) + lg := &captureErrorLogger{errCh: make(chan string, 10), filter: func(m string) bool { + // Since Go 1.18, we had to regenerate certs to not have to use GODEBUG="x509sha1=1" + // But on macOS, with our test CA certs, no SCTs included, it will fail + // for the reason "x509: “localhost” certificate is not standards compliant" + // instead of "unknown authority". + return strings.Contains(m, "unknown") || strings.Contains(m, "compliant") + }} + + srvA.SetLogger(lg, true, false) confB := createConfFile(t, []byte(fmt.Sprintf(` listen: -1 @@ -2654,14 +2681,7 @@ func TestLeafNodeTLSConfigReload(t *testing.T) { // Wait for the error select { - case err := <-lg.errCh: - // Since Go 1.18, we had to regenerate certs to not have to use GODEBUG="x509sha1=1" - // But on macOS, with our test CA certs, no SCTs included, it will fail - // for the reason "x509: “localhost” certificate is not standards compliant" - // instead of "unknown authority". - if !strings.Contains(err, "unknown") && !strings.Contains(err, "compliant") { - t.Fatalf("Unexpected error: %v", err) - } + case <-lg.errCh: case <-time.After(2 * time.Second): t.Fatalf("Did not get TLS error") } @@ -2696,8 +2716,10 @@ func TestLeafNodeTLSConfigReloadForRemote(t *testing.T) { srvA, optsA := RunServerWithConfig(confA) defer srvA.Shutdown() - lg := &captureErrorLogger{errCh: make(chan string, 10)} - srvA.SetLogger(lg, false, false) + lg := &captureErrorLogger{errCh: make(chan string, 10), filter: func(m string) bool { + return strings.Contains(m, "bad certificate") + }} + srvA.SetLogger(lg, true, false) template := ` listen: -1 @@ -2721,10 +2743,7 @@ func TestLeafNodeTLSConfigReloadForRemote(t *testing.T) { // Wait for the error select { - case err := <-lg.errCh: - if !strings.Contains(err, "bad certificate") { - t.Fatalf("Unexpected error: %v", err) - } + case <-lg.errCh: case <-time.After(2 * time.Second): t.Fatalf("Did not get TLS error") } @@ -3075,14 +3094,13 @@ func TestLeafNodeWSFailedConnection(t *testing.T) { ln := RunServer(lo) defer ln.Shutdown() - el := &captureErrorLogger{errCh: make(chan string, 100)} - ln.SetLogger(el, false, false) + el := &captureErrorLogger{errCh: make(chan string, 100), filter: func(m string) bool { + return strings.Contains(m, "handshake error") + }} + ln.SetLogger(el, true, false) select { - case err := <-el.errCh: - if !strings.Contains(err, "handshake error") { - t.Fatalf("Unexpected error: %v", err) - } + case <-el.errCh: case <-time.After(time.Second): t.Fatal("No error reported!") } @@ -5001,18 +5019,17 @@ func TestLeafNodeTLSHandshakeFirst(t *testing.T) { // Now check that there will be a failure if the remote does not ask for // handshake first since the hub is configured that way. // Set a logger on s1 to capture errors - l := &captureErrorLogger{errCh: make(chan string, 10)} - s1.SetLogger(l, false, false) + l := &captureErrorLogger{errCh: make(chan string, 10), filter: func(m string) bool { + return strings.Contains(m, "handshake error") + }} + s1.SetLogger(l, true, false) confSpoke = createConfFile(t, []byte(fmt.Sprintf(tmpl2, o1.LeafNode.Port, "false"))) s2, _ = RunServerWithConfig(confSpoke) defer s2.Shutdown() select { - case err := <-l.errCh: - if !strings.Contains(err, "handshake error") { - t.Fatalf("Unexpected error: %v", err) - } + case <-l.errCh: case <-time.After(2 * time.Second): t.Fatal("Did not get TLS handshake failure") } diff --git a/server/routes_test.go b/server/routes_test.go index feb381b18da..ea73f36a6fa 100644 --- a/server/routes_test.go +++ b/server/routes_test.go @@ -1806,8 +1806,10 @@ func TestRouteSaveTLSName(t *testing.T) { // Set a logger to capture errors trying to connect after clearing // the routeTLSName and causing a disconnect - l := &captureErrorLogger{errCh: make(chan string, 1)} - s2.SetLogger(l, false, false) + l := &captureErrorLogger{errCh: make(chan string, 1), filter: func(s string) bool { + return strings.Contains(s, "TLS route handshake error") + }} + s2.SetLogger(l, true, false) var gotIt bool for i := 0; !gotIt && i < 5; i++ { diff --git a/test/cluster_tls_test.go b/test/cluster_tls_test.go index bd1ef73d508..c3d1bf4e09f 100644 --- a/test/cluster_tls_test.go +++ b/test/cluster_tls_test.go @@ -72,7 +72,7 @@ type captureTLSError struct { ch chan struct{} } -func (c *captureTLSError) Errorf(format string, v ...any) { +func (c *captureTLSError) Debugf(format string, v ...any) { msg := fmt.Sprintf(format, v...) if strings.Contains(msg, "handshake error") { select { @@ -117,7 +117,7 @@ func TestClusterTLSInsecure(t *testing.T) { defer srvA.Shutdown() l := &captureTLSError{ch: make(chan struct{}, 1)} - srvA.SetLogger(l, false, false) + srvA.SetLogger(l, true, false) bConfigTemplate := ` port: -1