diff --git a/server/client.go b/server/client.go index 0d3761b1ed9..a52dbfa1d41 100644 --- a/server/client.go +++ b/server/client.go @@ -5910,9 +5910,9 @@ func (c *client) doTLSHandshake(typ string, solicit bool, url *url.URL, tlsConfi if err != nil { if kind == CLIENT { - c.Errorf("TLS handshake error: %v", err) + c.Debugf("TLS handshake error: %v", err) } else { - c.Errorf("TLS %s handshake error: %v", typ, err) + c.Debugf("TLS %s handshake error: %v", typ, err) } c.closeConnection(TLSHandshakeError) diff --git a/server/leafnode_test.go b/server/leafnode_test.go index 3207ba2fc33..e246c087b42 100644 --- a/server/leafnode_test.go +++ b/server/leafnode_test.go @@ -34,7 +34,7 @@ import ( "github.com/nats-io/nkeys" "github.com/klauspost/compress/s2" - jwt "github.com/nats-io/jwt/v2" + "github.com/nats-io/jwt/v2" "github.com/nats-io/nats.go" "github.com/nats-io/nats-server/v2/internal/testhelper" @@ -337,12 +337,45 @@ func TestLeafNodeTLSRemoteWithNoCerts(t *testing.T) { type captureErrorLogger struct { DummyLogger - errCh chan string + filter func(string) bool + errCh chan string + sync.Mutex +} + +func (l *captureErrorLogger) setFilter(f func(string) bool) { + l.Lock() + l.filter = f + l.Unlock() } func (l *captureErrorLogger) Errorf(format string, v ...any) { + msg := fmt.Sprintf(format, v...) + + l.Lock() + defer l.Unlock() + + if l.filter != nil && !l.filter(msg) { + return + } + select { - case l.errCh <- fmt.Sprintf(format, v...): + case l.errCh <- msg: + default: + } +} + +func (l *captureErrorLogger) Debugf(format string, v ...any) { + msg := fmt.Sprintf(format, v...) + + l.Lock() + defer l.Unlock() + + if l.filter != nil && !l.filter(msg) { + return + } + + select { + case l.errCh <- msg: default: } } @@ -2624,7 +2657,7 @@ func TestLeafNodeTLSConfigReload(t *testing.T) { defer srvA.Shutdown() lg := &captureErrorLogger{errCh: make(chan string, 10)} - srvA.SetLogger(lg, false, false) + srvA.SetLogger(lg, true, false) confB := createConfFile(t, []byte(fmt.Sprintf(` listen: -1 @@ -2652,16 +2685,17 @@ func TestLeafNodeTLSConfigReload(t *testing.T) { srvB := RunServer(optsB) defer srvB.Shutdown() - // Wait for the error - select { - case err := <-lg.errCh: + lg.setFilter(func(m string) bool { // Since Go 1.18, we had to regenerate certs to not have to use GODEBUG="x509sha1=1" // But on macOS, with our test CA certs, no SCTs included, it will fail // for the reason "x509: “localhost” certificate is not standards compliant" // instead of "unknown authority". - if !strings.Contains(err, "unknown") && !strings.Contains(err, "compliant") { - t.Fatalf("Unexpected error: %v", err) - } + return strings.Contains(m, "unknown") || strings.Contains(m, "compliant") + }) + + // Wait for the error + select { + case <-lg.errCh: case <-time.After(2 * time.Second): t.Fatalf("Did not get TLS error") } @@ -2697,7 +2731,7 @@ func TestLeafNodeTLSConfigReloadForRemote(t *testing.T) { defer srvA.Shutdown() lg := &captureErrorLogger{errCh: make(chan string, 10)} - srvA.SetLogger(lg, false, false) + srvA.SetLogger(lg, true, false) template := ` listen: -1 @@ -2719,12 +2753,12 @@ func TestLeafNodeTLSConfigReloadForRemote(t *testing.T) { srvB, _ := RunServerWithConfig(confB) defer srvB.Shutdown() + lg.setFilter(func(m string) bool { + return strings.Contains(m, "bad certificate") + }) // Wait for the error select { - case err := <-lg.errCh: - if !strings.Contains(err, "bad certificate") { - t.Fatalf("Unexpected error: %v", err) - } + case <-lg.errCh: case <-time.After(2 * time.Second): t.Fatalf("Did not get TLS error") } @@ -3076,13 +3110,13 @@ func TestLeafNodeWSFailedConnection(t *testing.T) { defer ln.Shutdown() el := &captureErrorLogger{errCh: make(chan string, 100)} - ln.SetLogger(el, false, false) + ln.SetLogger(el, true, false) + el.setFilter(func(m string) bool { + return strings.Contains(m, "handshake error") + }) select { - case err := <-el.errCh: - if !strings.Contains(err, "handshake error") { - t.Fatalf("Unexpected error: %v", err) - } + case <-el.errCh: case <-time.After(time.Second): t.Fatal("No error reported!") } @@ -5002,17 +5036,18 @@ func TestLeafNodeTLSHandshakeFirst(t *testing.T) { // handshake first since the hub is configured that way. // Set a logger on s1 to capture errors l := &captureErrorLogger{errCh: make(chan string, 10)} - s1.SetLogger(l, false, false) + s1.SetLogger(l, true, false) confSpoke = createConfFile(t, []byte(fmt.Sprintf(tmpl2, o1.LeafNode.Port, "false"))) s2, _ = RunServerWithConfig(confSpoke) defer s2.Shutdown() + l.setFilter(func(m string) bool { + return strings.Contains(m, "handshake error") + }) + select { - case err := <-l.errCh: - if !strings.Contains(err, "handshake error") { - t.Fatalf("Unexpected error: %v", err) - } + case <-l.errCh: case <-time.After(2 * time.Second): t.Fatal("Did not get TLS handshake failure") }