db/pgbackrest
1
0
Fork 0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2025-07-13 01:00:23 +02:00
Code Issues Releases Activity

Add SocketClient object.

Browse Source 
This functionality was embedded into TlsClient but that was starting to get unwieldy.

Add SocketClient to contain all socket-related client functionality.
This commit is contained in:
David Steele
2020-03-31 12:43:29 -04:00
parent abb7639807
commit 8989118cc6
14 changed files with 487 additions and 208 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Makefile.in
View File

@ -75,6 +75,7 @@ SRCS = \
common/io/io.c \ common/io/io.c \
common/io/read.c \ common/io/read.c \
common/io/tls/client.c \ common/io/tls/client.c \
common/io/socket/client.c \
common/io/write.c \ common/io/write.c \
common/ini.c \ common/ini.c \
common/lock.c \ common/lock.c \

6
src/command/command.c
View File

@ -186,6 +186,12 @@ cmdEnd(int code, const String *errorMessage)
{ {
MEM_CONTEXT_TEMP_BEGIN() MEM_CONTEXT_TEMP_BEGIN()
{ {
// Log socket statistics
String *sckClientStat = sckClientStatStr();
if (sckClientStat != NULL)
LOG_DETAIL(strPtr(sckClientStat));
// Log tls statistics // Log tls statistics
String *tlsClientStat = tlsClientStatStr(); String *tlsClientStat = tlsClientStatStr();

2
src/common/io/http/client.c
View File

@ -210,7 +210,7 @@ httpClientNew(
{ {
.memContext = MEM_CONTEXT_NEW(), .memContext = MEM_CONTEXT_NEW(),
.timeout = timeout, .timeout = timeout,
.tls = tlsClientNew(host, port, timeout, verifyPeer, caFile, caPath), .tls = tlsClientNew(sckClientNew(host, port, timeout), timeout, verifyPeer, caFile, caPath),
}; };
httpClientStatLocal.object++; httpClientStatLocal.object++;

301
src/common/io/socket/client.c Normal file
View File

@ -0,0 +1,301 @@
/***********************************************************************************************************************************
Socket Client
***********************************************************************************************************************************/
#include "build.auto.h"
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <netinet/in.h>
#endif
#ifdef __linux__
#include <netinet/in.h>
#include <netinet/tcp.h>
#endif
#include "common/debug.h"
#include "common/log.h"
#include "common/io/socket/client.h"
#include "common/memContext.h"
#include "common/type/object.h"
#include "common/wait.h"
/***********************************************************************************************************************************
Statistics
***********************************************************************************************************************************/
static SocketClientStat sckClientStatLocal;
/***********************************************************************************************************************************
Object type
***********************************************************************************************************************************/
struct SocketClient
{
MemContext *memContext; // Mem context
String *host; // Hostname or IP address
unsigned int port; // Port to connect to host on
TimeMSec timeout; // Timeout for any i/o operation (connect, read, etc.)
int fd; // File descriptor
};
OBJECT_DEFINE_GET(Fd, , SOCKET_CLIENT, int, fd);
OBJECT_DEFINE_GET(Host, const, SOCKET_CLIENT, const String *, host);
OBJECT_DEFINE_GET(Port, const, SOCKET_CLIENT, unsigned int, port);
OBJECT_DEFINE_MOVE(SOCKET_CLIENT);
/***********************************************************************************************************************************
Free connection
***********************************************************************************************************************************/
OBJECT_DEFINE_FREE_RESOURCE_BEGIN(SOCKET_CLIENT, LOG, logLevelTrace)
{
close(this->fd);
}
OBJECT_DEFINE_FREE_RESOURCE_END(LOG);
/**********************************************************************************************************************************/
SocketClient *
sckClientNew(const String *host, unsigned int port, TimeMSec timeout)
{
FUNCTION_LOG_BEGIN(logLevelDebug)
FUNCTION_LOG_PARAM(STRING, host);
FUNCTION_LOG_PARAM(UINT, port);
FUNCTION_LOG_PARAM(TIME_MSEC, timeout);
FUNCTION_LOG_END();
ASSERT(host != NULL);
SocketClient *this = NULL;
MEM_CONTEXT_NEW_BEGIN("SocketClient")
{
this = memNew(sizeof(SocketClient));
*this = (SocketClient)
{
.memContext = MEM_CONTEXT_NEW(),
.host = strDup(host),
.port = port,
.timeout = timeout,
// Initialize file descriptor to -1 so we know when the socket is disconnected
.fd = -1,
};
sckClientStatLocal.object++;
}
MEM_CONTEXT_NEW_END();
FUNCTION_LOG_RETURN(SOCKET_CLIENT, this);
}
/**********************************************************************************************************************************/
void
sckClientOpen(SocketClient *this)
{
FUNCTION_LOG_BEGIN(logLevelTrace)
FUNCTION_LOG_PARAM(SOCKET_CLIENT, this);
FUNCTION_LOG_END();
ASSERT(this != NULL);
CHECK(this->fd == -1);
MEM_CONTEXT_TEMP_BEGIN()
{
bool connected = false;
bool retry;
Wait *wait = this->timeout > 0 ? waitNew(this->timeout) : NULL;
do
{
// Assume there will be no retry
retry = false;
TRY_BEGIN()
{
// Set hints that narrow the type of address we are looking for -- we'll take ipv4 or ipv6
struct addrinfo hints = (struct addrinfo)
{
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
.ai_protocol = IPPROTO_TCP,
};
// Convert the port to a zero-terminated string for use with getaddrinfo()
char port[CVT_BASE10_BUFFER_SIZE];
cvtUIntToZ(this->port, port, sizeof(port));
// Get an address for the host. We are only going to try the first address returned.
struct addrinfo *hostAddress;
int result;
if ((result = getaddrinfo(strPtr(this->host), port, &hints, &hostAddress)) != 0)
{
THROW_FMT(
HostConnectError, "unable to get address for '%s': [%d] %s", strPtr(this->host), result,
gai_strerror(result));
}
// Connect to the host
TRY_BEGIN()
{
this->fd = socket(hostAddress->ai_family, hostAddress->ai_socktype, hostAddress->ai_protocol);
THROW_ON_SYS_ERROR(this->fd == -1, HostConnectError, "unable to create socket");
memContextCallbackSet(this->memContext, sckClientFreeResource, this);
if (connect(this->fd, hostAddress->ai_addr, hostAddress->ai_addrlen) == -1)
THROW_SYS_ERROR_FMT(HostConnectError, "unable to connect to '%s:%u'", strPtr(this->host), this->port);
}
FINALLY()
{
freeaddrinfo(hostAddress);
}
TRY_END();
// Enable TCP keepalives
int socketValue = 1;
THROW_ON_SYS_ERROR(
setsockopt(this->fd, IPPROTO_TCP, SO_KEEPALIVE, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPALIVE");
// Set per-connection keepalive options if they are available
#ifdef TCP_KEEPIDLE
socketValue = 3;
THROW_ON_SYS_ERROR(
setsockopt(this->fd, IPPROTO_TCP, TCP_KEEPCNT, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPCNT");
// First try + n failures to get to the timeout
socketValue = (int)this->timeout / (socketValue + 1);
THROW_ON_SYS_ERROR(
setsockopt(this->fd, IPPROTO_TCP, TCP_KEEPIDLE, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPIDLE");
THROW_ON_SYS_ERROR(
setsockopt(this->fd, IPPROTO_TCP, TCP_KEEPINTVL, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPINTVL");
#endif
// Connection was successful
connected = true;
}
CATCH_ANY()
{
// Retry if wait time has not expired
if (wait != NULL && waitMore(wait))
{
LOG_DEBUG_FMT("retry %s: %s", errorTypeName(errorType()), errorMessage());
retry = true;
sckClientStatLocal.retry++;
}
sckClientClose(this);
}
TRY_END();
}
while (!connected && retry);
if (!connected)
RETHROW();
sckClientStatLocal.session++;
}
MEM_CONTEXT_TEMP_END();
FUNCTION_LOG_RETURN_VOID();
}
/**********************************************************************************************************************************/
void
sckClientReadWait(SocketClient *this)
{
FUNCTION_LOG_BEGIN(logLevelTrace);
FUNCTION_LOG_PARAM(SOCKET_CLIENT, this);
FUNCTION_LOG_END();
ASSERT(this != NULL);
ASSERT(this->fd != -1);
// Initialize the file descriptor set used for select
fd_set selectSet;
FD_ZERO(&selectSet);
// We know the socket is not negative because it passed error handling, so it is safe to cast to unsigned
FD_SET((unsigned int)this->fd, &selectSet);
// Initialize timeout struct used for select. Recreate this structure each time since Linux (at least) will modify it.
struct timeval timeoutSelect;
timeoutSelect.tv_sec = (time_t)(this->timeout / MSEC_PER_SEC);
timeoutSelect.tv_usec = (time_t)(this->timeout % MSEC_PER_SEC * 1000);
// Determine if there is data to be read
int result = select(this->fd + 1, &selectSet, NULL, NULL, &timeoutSelect);
THROW_ON_SYS_ERROR_FMT(result == -1, AssertError, "unable to select from '%s:%u'", strPtr(this->host), this->port);
// If no data available after time allotted then error
if (!result)
{
THROW_FMT(
FileReadError, "timeout after %" PRIu64 "ms waiting for read from '%s:%u'", this->timeout, strPtr(this->host),
this->port);
}
FUNCTION_LOG_RETURN_VOID();
}
/**********************************************************************************************************************************/
void
sckClientClose(SocketClient *this)
{
FUNCTION_LOG_BEGIN(logLevelTrace);
FUNCTION_LOG_PARAM(SOCKET_CLIENT, this);
FUNCTION_LOG_END();
ASSERT(this != NULL);
// Close the socket
if (this->fd != -1)
{
memContextCallbackClear(this->memContext);
sckClientFreeResource(this);
this->fd = -1;
}
FUNCTION_LOG_RETURN_VOID();
}
/**********************************************************************************************************************************/
String *
sckClientStatStr(void)
{
FUNCTION_TEST_VOID();
String *result = NULL;
if (sckClientStatLocal.object > 0)
{
result = strNewFmt(
"socket statistics: objects %" PRIu64 ", sessions %" PRIu64 ", retries %" PRIu64, sckClientStatLocal.object,
sckClientStatLocal.session, sckClientStatLocal.retry);
}
FUNCTION_TEST_RETURN(result);
}
/**********************************************************************************************************************************/
String *
sckClientToLog(const SocketClient *this)
{
return strNewFmt("{host: %s, port: %u, timeout: %" PRIu64 "}", strPtr(this->host), this->port, this->timeout);
}

79
src/common/io/socket/client.h Normal file
View File

@ -0,0 +1,79 @@
/***********************************************************************************************************************************
Socket Client
A simple socket client intended to allow access to services that are exposed via a socket.
Currently this is not a full-featured client and is only intended to isolate socket functionality from the tls code.
***********************************************************************************************************************************/
#ifndef COMMON_IO_SOCKET_CLIENT_H
#define COMMON_IO_SOCKET_CLIENT_H
/***********************************************************************************************************************************
Object type
***********************************************************************************************************************************/
#define SOCKET_CLIENT_TYPE SocketClient
#define SOCKET_CLIENT_PREFIX sckClient
typedef struct SocketClient SocketClient;
#include "common/io/read.h"
#include "common/io/write.h"
#include "common/time.h"
#include "common/type/string.h"
/***********************************************************************************************************************************
Statistics
***********************************************************************************************************************************/
typedef struct SocketClientStat
{
uint64_t object; // Objects created
uint64_t session; // Sessions created
uint64_t retry; // Connection retries
} SocketClientStat;
/***********************************************************************************************************************************
Constructor
***********************************************************************************************************************************/
SocketClient *sckClientNew(const String *host, unsigned int port, TimeMSec timeout);
/***********************************************************************************************************************************
Functions
***********************************************************************************************************************************/
// Open the connection
void sckClientOpen(SocketClient *this);
// Wait for the socket to be readable
void sckClientReadWait(SocketClient *this);
// Close the connection
void sckClientClose(SocketClient *this);
// Move the socket to a new parent mem context
SocketClient *sckClientMove(SocketClient *this, MemContext *parentNew);
/***********************************************************************************************************************************
Getters
***********************************************************************************************************************************/
// Socket file descriptor
int sckClientFd(SocketClient *this);
// Socket host
const String *sckClientHost(const SocketClient *this);
// Socket port
unsigned int sckClientPort(const SocketClient *this);
// Statistics as a formatted string
String *sckClientStatStr(void);
/***********************************************************************************************************************************
Macros for function logging
***********************************************************************************************************************************/
String *sckClientToLog(const SocketClient *this);
#define FUNCTION_LOG_SOCKET_CLIENT_TYPE \
SocketClient *
#define FUNCTION_LOG_SOCKET_CLIENT_FORMAT(value, buffer, bufferSize) \
FUNCTION_LOG_STRING_OBJECT_FORMAT(value, sckClientToLog, buffer, bufferSize)
#endif

213
src/common/io/tls/client.c
View File

@ -3,23 +3,8 @@ TLS Client
***********************************************************************************************************************************/ ***********************************************************************************************************************************/
#include "build.auto.h" #include "build.auto.h"
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h> #include <string.h>
#include <strings.h> #include <strings.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <netinet/in.h>
#endif
#ifdef __linux__
#include <netinet/in.h>
#include <netinet/tcp.h>
#endif
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
@ -33,8 +18,6 @@ TLS Client
#include "common/io/read.intern.h" #include "common/io/read.intern.h"
#include "common/io/write.intern.h" #include "common/io/write.intern.h"
#include "common/memContext.h" #include "common/memContext.h"
#include "common/time.h"
#include "common/type/keyValue.h"
#include "common/type/object.h" #include "common/type/object.h"
#include "common/wait.h" #include "common/wait.h"
@ -49,19 +32,20 @@ Object type
struct TlsClient struct TlsClient
{ {
MemContext *memContext; // Mem context MemContext *memContext; // Mem context
String *host; // Hostname or IP address
unsigned int port; // Port to connect to host on
TimeMSec timeout; // Timeout for any i/o operation (connect, read, etc.) TimeMSec timeout; // Timeout for any i/o operation (connect, read, etc.)
bool verifyPeer; // Should the peer (server) certificate be verified? bool verifyPeer; // Should the peer (server) certificate be verified?
SocketClient *socket; // Client socket
SSL_CTX *context; // TLS context SSL_CTX *context; // TLS context
int socket; // Client socket
SSL *session; // TLS session on the socket SSL *session; // TLS session on the socket
IoRead *read; // Read interface IoRead *read; // Read interface
IoWrite *write; // Write interface IoWrite *write; // Write interface
}; };
OBJECT_DEFINE_GET(IoRead, , TLS_CLIENT, IoRead *, read);
OBJECT_DEFINE_GET(IoWrite, , TLS_CLIENT, IoWrite *, write);
OBJECT_DEFINE_FREE(TLS_CLIENT); OBJECT_DEFINE_FREE(TLS_CLIENT);
/*********************************************************************************************************************************** /***********************************************************************************************************************************
@ -69,7 +53,7 @@ Free connection
***********************************************************************************************************************************/ ***********************************************************************************************************************************/
OBJECT_DEFINE_FREE_RESOURCE_BEGIN(TLS_CLIENT, LOG, logLevelTrace) OBJECT_DEFINE_FREE_RESOURCE_BEGIN(TLS_CLIENT, LOG, logLevelTrace)
{ {
tlsClientClose(this); SSL_free(this->session);
SSL_CTX_free(this->context); SSL_CTX_free(this->context);
} }
OBJECT_DEFINE_FREE_RESOURCE_END(LOG); OBJECT_DEFINE_FREE_RESOURCE_END(LOG);
@ -129,19 +113,17 @@ tlsError(TlsClient *this, int code)
New object New object
***********************************************************************************************************************************/ ***********************************************************************************************************************************/
TlsClient * TlsClient *
tlsClientNew( tlsClientNew(SocketClient *socket, TimeMSec timeout, bool verifyPeer, const String *caFile, const String *caPath)
const String *host, unsigned int port, TimeMSec timeout, bool verifyPeer, const String *caFile, const String *caPath)
{ {
FUNCTION_LOG_BEGIN(logLevelDebug) FUNCTION_LOG_BEGIN(logLevelDebug)
FUNCTION_LOG_PARAM(STRING, host); FUNCTION_LOG_PARAM(SOCKET_CLIENT, socket);
FUNCTION_LOG_PARAM(UINT, port);
FUNCTION_LOG_PARAM(TIME_MSEC, timeout); FUNCTION_LOG_PARAM(TIME_MSEC, timeout);
FUNCTION_LOG_PARAM(BOOL, verifyPeer); FUNCTION_LOG_PARAM(BOOL, verifyPeer);
FUNCTION_LOG_PARAM(STRING, caFile); FUNCTION_LOG_PARAM(STRING, caFile);
FUNCTION_LOG_PARAM(STRING, caPath); FUNCTION_LOG_PARAM(STRING, caPath);
FUNCTION_LOG_END(); FUNCTION_LOG_END();
ASSERT(host != NULL); ASSERT(socket != NULL);
TlsClient *this = NULL; TlsClient *this = NULL;
@ -152,13 +134,9 @@ tlsClientNew(
*this = (TlsClient) *this = (TlsClient)
{ {
.memContext = MEM_CONTEXT_NEW(), .memContext = MEM_CONTEXT_NEW(),
.host = strDup(host), .socket = sckClientMove(socket, MEM_CONTEXT_NEW()),
.port = port,
.timeout = timeout, .timeout = timeout,
.verifyPeer = verifyPeer, .verifyPeer = verifyPeer,
// Initialize socket to -1 so we know when it is disconnected
.socket = -1,
}; };
// Setup TLS context // Setup TLS context
@ -340,46 +318,6 @@ tlsClientHostVerify(const String *host, X509 *certificate)
FUNCTION_LOG_RETURN(BOOL, result); FUNCTION_LOG_RETURN(BOOL, result);
} }
/***********************************************************************************************************************************
Wait for the socket to be readable
***********************************************************************************************************************************/
static void
tlsClientReadWait(TlsClient *this)
{
FUNCTION_LOG_BEGIN(logLevelTrace);
FUNCTION_LOG_PARAM(TLS_CLIENT, this);
FUNCTION_LOG_END();
ASSERT(this != NULL);
ASSERT(this->session != NULL);
// Initialize the file descriptor set used for select
fd_set selectSet;
FD_ZERO(&selectSet);
// We know the socket is not negative because it passed error handling, so it is safe to cast to unsigned
FD_SET((unsigned int)this->socket, &selectSet);
// Initialize timeout struct used for select. Recreate this structure each time since Linux (at least) will modify it.
struct timeval timeoutSelect;
timeoutSelect.tv_sec = (time_t)(this->timeout / MSEC_PER_SEC);
timeoutSelect.tv_usec = (time_t)(this->timeout % MSEC_PER_SEC * 1000);
// Determine if there is data to be read
int result = select(this->socket + 1, &selectSet, NULL, NULL, &timeoutSelect);
THROW_ON_SYS_ERROR_FMT(result == -1, AssertError, "unable to select from '%s:%u'", strPtr(this->host), this->port);
// If no data read after time allotted then error
if (!result)
{
THROW_FMT(
FileReadError, "timeout after %" PRIu64 "ms waiting for read from '%s:%u'", this->timeout, strPtr(this->host),
this->port);
}
FUNCTION_LOG_RETURN_VOID();
}
/*********************************************************************************************************************************** /***********************************************************************************************************************************
Read from the TLS session Read from the TLS session
***********************************************************************************************************************************/ ***********************************************************************************************************************************/
@ -406,7 +344,7 @@ tlsClientRead(THIS_VOID, Buffer *buffer, bool block)
{ {
// If no tls data pending then check the socket // If no tls data pending then check the socket
if (!SSL_pending(this->session)) if (!SSL_pending(this->session))
tlsClientReadWait(this); sckClientReadWait(this->socket);
// Read and handle errors // Read and handle errors
size_t expectedBytes = bufRemains(buffer); size_t expectedBytes = bufRemains(buffer);
@ -456,7 +394,7 @@ tlsWriteContinue(TlsClient *this, int writeResult, int writeError, size_t writeS
THROW_FMT(FileWriteError, "unable to write to tls [%d]", writeError); THROW_FMT(FileWriteError, "unable to write to tls [%d]", writeError);
// Wait for the socket to be readable for tls renegotiation // Wait for the socket to be readable for tls renegotiation
tlsClientReadWait(this); sckClientReadWait(this->socket);
} }
} }
else else
@ -512,11 +450,7 @@ tlsClientClose(TlsClient *this)
ASSERT(this != NULL); ASSERT(this != NULL);
// Close the socket // Close the socket
if (this->socket != -1) sckClientClose(this->socket);
{
close(this->socket);
this->socket = -1;
}
// Free the TLS session // Free the TLS session
if (this->session != NULL) if (this->session != NULL)
@ -580,76 +514,17 @@ tlsClientOpen(TlsClient *this)
TRY_BEGIN() TRY_BEGIN()
{ {
// Set hits that narrow the type of address we are looking for -- we'll take ipv4 or ipv6 // Open the socket
struct addrinfo hints = (struct addrinfo) sckClientOpen(this->socket);
{
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
.ai_protocol = IPPROTO_TCP,
};
// Convert the port to a zero-terminated string for use with getaddrinfo()
char port[CVT_BASE10_BUFFER_SIZE];
cvtUIntToZ(this->port, port, sizeof(port));
// Get an address for the host. We are only going to try the first address returned.
struct addrinfo *hostAddress;
int result;
if ((result = getaddrinfo(strPtr(this->host), port, &hints, &hostAddress)) != 0)
{
THROW_FMT(
HostConnectError, "unable to get address for '%s': [%d] %s", strPtr(this->host), result,
gai_strerror(result));
}
// Connect to the host
TRY_BEGIN()
{
this->socket = socket(hostAddress->ai_family, hostAddress->ai_socktype, hostAddress->ai_protocol);
THROW_ON_SYS_ERROR(this->socket == -1, HostConnectError, "unable to create socket");
if (connect(this->socket, hostAddress->ai_addr, hostAddress->ai_addrlen) == -1)
THROW_SYS_ERROR_FMT(HostConnectError, "unable to connect to '%s:%u'", strPtr(this->host), this->port);
}
FINALLY()
{
freeaddrinfo(hostAddress);
}
TRY_END();
// Enable TCP keepalives
int socketValue = 1;
THROW_ON_SYS_ERROR(
setsockopt(this->socket, IPPROTO_TCP, SO_KEEPALIVE, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPALIVE");
// Set per-connection keepalive options if they are available
#ifdef TCP_KEEPIDLE
socketValue = 3;
THROW_ON_SYS_ERROR(
setsockopt(this->socket, IPPROTO_TCP, TCP_KEEPCNT, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPCNT");
// First try + n failures to get to the timeout
socketValue = (int)this->timeout / (socketValue + 1);
THROW_ON_SYS_ERROR(
setsockopt(this->socket, IPPROTO_TCP, TCP_KEEPIDLE, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPIDLE");
THROW_ON_SYS_ERROR(
setsockopt(this->socket, IPPROTO_TCP, TCP_KEEPINTVL, &socketValue, sizeof(int)) == -1, ProtocolError,
"unable set SO_KEEPINTVL");
#endif
// Negotiate TLS // Negotiate TLS
cryptoError((this->session = SSL_new(this->context)) == NULL, "unable to create TLS context"); cryptoError((this->session = SSL_new(this->context)) == NULL, "unable to create TLS context");
cryptoError(SSL_set_tlsext_host_name(this->session, strPtr(this->host)) != 1, "unable to set TLS host name"); cryptoError(
cryptoError(SSL_set_fd(this->session, this->socket) != 1, "unable to add socket to TLS context"); SSL_set_tlsext_host_name(this->session, strPtr(sckClientHost(this->socket))) != 1,
"unable to set TLS host name");
cryptoError(
SSL_set_fd(this->session, sckClientFd(this->socket)) != 1, "unable to add socket to TLS context");
cryptoError(SSL_connect(this->session) != 1, "unable to negotiate TLS connection"); cryptoError(SSL_connect(this->session) != 1, "unable to negotiate TLS connection");
// Connection was successful // Connection was successful
@ -686,20 +561,22 @@ tlsClientOpen(TlsClient *this)
if (verifyResult != X509_V_OK) if (verifyResult != X509_V_OK)
{ {
THROW_FMT( THROW_FMT(
CryptoError, "unable to verify certificate presented by '%s:%u': [%ld] %s", strPtr(this->host), CryptoError, "unable to verify certificate presented by '%s:%u': [%ld] %s",
this->port, verifyResult, X509_verify_cert_error_string(verifyResult)); strPtr(sckClientHost(this->socket)), sckClientPort(this->socket), verifyResult,
X509_verify_cert_error_string(verifyResult));
} }
// Verify that the hostname appears in the certificate // Verify that the hostname appears in the certificate
X509 *certificate = SSL_get_peer_certificate(this->session); X509 *certificate = SSL_get_peer_certificate(this->session);
bool nameResult = tlsClientHostVerify(this->host, certificate); bool nameResult = tlsClientHostVerify(sckClientHost(this->socket), certificate);
X509_free(certificate); X509_free(certificate);
if (!nameResult) if (!nameResult)
{ {
THROW_FMT( THROW_FMT(
CryptoError, CryptoError,
"unable to find hostname '%s' in certificate common name or subject alternative names", strPtr(this->host)); "unable to find hostname '%s' in certificate common name or subject alternative names",
strPtr(sckClientHost(this->socket)));
} }
} }
@ -717,14 +594,10 @@ tlsClientOpen(TlsClient *this)
result = true; result = true;
} }
tlsClientStatLocal.request++;
FUNCTION_LOG_RETURN(BOOL, result); FUNCTION_LOG_RETURN(BOOL, result);
} }
/*********************************************************************************************************************************** /**********************************************************************************************************************************/
Format statistics to a string
***********************************************************************************************************************************/
String * String *
tlsClientStatStr(void) tlsClientStatStr(void)
{ {
@ -735,39 +608,9 @@ tlsClientStatStr(void)
if (tlsClientStatLocal.object > 0) if (tlsClientStatLocal.object > 0)
{ {
result = strNewFmt( result = strNewFmt(
"tls statistics: objects %" PRIu64 ", sessions %" PRIu64 ", requests %" PRIu64 ", retries %" PRIu64, "tls statistics: objects %" PRIu64 ", sessions %" PRIu64 ", retries %" PRIu64, tlsClientStatLocal.object,
tlsClientStatLocal.object, tlsClientStatLocal.session, tlsClientStatLocal.request, tlsClientStatLocal.retry); tlsClientStatLocal.session, tlsClientStatLocal.retry);
} }
FUNCTION_TEST_RETURN(result); FUNCTION_TEST_RETURN(result);
} }
/***********************************************************************************************************************************
Get read interface
***********************************************************************************************************************************/
IoRead *
tlsClientIoRead(const TlsClient *this)
{
FUNCTION_TEST_BEGIN();
FUNCTION_TEST_PARAM(TLS_CLIENT, this);
FUNCTION_TEST_END();
ASSERT(this != NULL);
FUNCTION_TEST_RETURN(this->read);
}
/***********************************************************************************************************************************
Get write interface
***********************************************************************************************************************************/
IoWrite *
tlsClientIoWrite(const TlsClient *this)
{
FUNCTION_TEST_BEGIN();
FUNCTION_TEST_PARAM(TLS_CLIENT, this);
FUNCTION_TEST_END();
ASSERT(this != NULL);
FUNCTION_TEST_RETURN(this->write);
}

19
src/common/io/tls/client.h
View File

@ -24,6 +24,7 @@ Object type
typedef struct TlsClient TlsClient; typedef struct TlsClient TlsClient;
#include "common/io/socket/client.h"
#include "common/io/read.h" #include "common/io/read.h"
#include "common/io/write.h" #include "common/io/write.h"
#include "common/time.h" #include "common/time.h"
@ -36,28 +37,34 @@ typedef struct TlsClientStat
{ {
uint64_t object; // Objects created uint64_t object; // Objects created
uint64_t session; // Sessions created uint64_t session; // Sessions created
uint64_t request; // Requests (i.e. calls to tlsClientOpen())
uint64_t retry; // Connection retries uint64_t retry; // Connection retries
} TlsClientStat; } TlsClientStat;
/*********************************************************************************************************************************** /***********************************************************************************************************************************
Constructor Constructor
***********************************************************************************************************************************/ ***********************************************************************************************************************************/
TlsClient *tlsClientNew( TlsClient *tlsClientNew(SocketClient *socket, TimeMSec timeout, bool verifyPeer, const String *caFile, const String *caPath);
const String *host, unsigned int port, TimeMSec timeout, bool verifyPeer, const String *caFile, const String *caPath);
/*********************************************************************************************************************************** /***********************************************************************************************************************************
Functions Functions
***********************************************************************************************************************************/ ***********************************************************************************************************************************/
// Open tls connection
bool tlsClientOpen(TlsClient *this); bool tlsClientOpen(TlsClient *this);
// Close tls connection
void tlsClientClose(TlsClient *this); void tlsClientClose(TlsClient *this);
String *tlsClientStatStr(void);
/*********************************************************************************************************************************** /***********************************************************************************************************************************
Getters Getters
***********************************************************************************************************************************/ ***********************************************************************************************************************************/
IoRead *tlsClientIoRead(const TlsClient *this); // Read interface
IoWrite *tlsClientIoWrite(const TlsClient *this); IoRead *tlsClientIoRead(TlsClient *this);
// Write interface
IoWrite *tlsClientIoWrite(TlsClient *this);
// Statistics as a formatted string
String *tlsClientStatStr(void);
/*********************************************************************************************************************************** /***********************************************************************************************************************************
Destructor Destructor

1
test/define.yaml
View File

@ -244,6 +244,7 @@ unit:
coverage: coverage:
common/io/tls/client: full common/io/tls/client: full
common/io/socket/client: full
# ---------------------------------------------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------------------------------------------
- name: io-http - name: io-http

1
test/expect/mock-archive-002.log
View File

@ -29,6 +29,7 @@ stanza-create db - stanza create (backup host)
> [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-create > [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-create
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-create command end: completed successfully P00 INFO: stanza-create command end: completed successfully

1
test/expect/mock-archive-stop-002.log
View File

@ -5,6 +5,7 @@ stanza-create db - create required data for stanza (backup host)
> [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-create > [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-create
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-create command end: completed successfully P00 INFO: stanza-create command end: completed successfully

14
test/expect/mock-stanza-002.log
View File

@ -19,6 +19,7 @@ P00 ERROR: [055]: unable to load info file '/archive/db/archive.info' or '/arch
HINT: is archive_command configured correctly in postgresql.conf? HINT: is archive_command configured correctly in postgresql.conf?
HINT: has a stanza-create been performed? HINT: has a stanza-create been performed?
HINT: use --no-archive-check to disable archive checks during backup if you have an alternate archiving scheme. HINT: use --no-archive-check to disable archive checks during backup if you have an alternate archiving scheme.
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-upgrade command end: aborted with exception [055] P00 INFO: stanza-upgrade command end: aborted with exception [055]
@ -27,6 +28,7 @@ stanza-create db - successfully create the stanza (backup host)
> [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-create > [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-create
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-create command end: completed successfully P00 INFO: stanza-create command end: completed successfully
@ -78,6 +80,7 @@ stanza-create db - do not fail on rerun of stanza-create - info files exist and
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-create command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 INFO: stanza 'db' already exists and is valid P00 INFO: stanza 'db' already exists and is valid
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-create command end: completed successfully P00 INFO: stanza-create command end: completed successfully
@ -132,6 +135,7 @@ P00 WARN: option --force is no longer supported
P00 ERROR: [028]: backup and archive info files exist but do not match the database P00 ERROR: [028]: backup and archive info files exist but do not match the database
HINT: is this the correct stanza? HINT: is this the correct stanza?
HINT: did an error occur during stanza-upgrade? HINT: did an error occur during stanza-upgrade?
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-create command end: aborted with exception [028] P00 INFO: stanza-create command end: aborted with exception [028]
@ -183,6 +187,7 @@ stanza-upgrade db - already up to date (backup host)
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-upgrade command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-upgrade command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 INFO: stanza 'db' is already up to date P00 INFO: stanza 'db' is already up to date
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-upgrade command end: completed successfully P00 INFO: stanza-upgrade command end: completed successfully
@ -250,6 +255,7 @@ stanza-upgrade db - successful upgrade creates additional history (backup host)
> [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-upgrade > [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-upgrade
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-upgrade command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-upgrade command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-upgrade command end: completed successfully P00 INFO: stanza-upgrade command end: completed successfully
@ -319,12 +325,14 @@ P01 INFO: backup file db-master:[TEST_PATH]/db-master/db/base/pg_xlog/archive_
P01 INFO: backup file db-master:[TEST_PATH]/db-master/db/base/pg_xlog/archive_status/000000010000000100000001.ready (0B, 100%) P01 INFO: backup file db-master:[TEST_PATH]/db-master/db/base/pg_xlog/archive_status/000000010000000100000001.ready (0B, 100%)
P00 INFO: full backup size = 48MB P00 INFO: full backup size = 48MB
P00 INFO: new backup label = [BACKUP-FULL-1] P00 INFO: new backup label = [BACKUP-FULL-1]
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: backup command end: completed successfully P00 INFO: backup command end: completed successfully
P00 INFO: expire command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --config=[TEST_PATH]/backup/pgbackrest.conf --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-retention-full=2 --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: expire command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --config=[TEST_PATH]/backup/pgbackrest.conf --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-retention-full=2 --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 INFO: remove archive path: /archive/db/9.3-1 P00 INFO: remove archive path: /archive/db/9.3-1
P00 INFO: full backup total < 2 - using oldest full backup for 9.4-2 archive retention P00 INFO: full backup total < 2 - using oldest full backup for 9.4-2 archive retention
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: expire command end: completed successfully P00 INFO: expire command end: completed successfully
@ -396,6 +404,7 @@ stanza-upgrade db - successfully upgrade (backup host)
> [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-upgrade > [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db --no-online stanza-upgrade
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-upgrade command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-upgrade command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --no-online --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-upgrade command end: completed successfully P00 INFO: stanza-upgrade command end: completed successfully
@ -457,6 +466,7 @@ P00 ERROR: [028]: backup info file and archive info file do not match
archive: id = 2, version = 9.5, system-id = 1000000000000000095 archive: id = 2, version = 9.5, system-id = 1000000000000000095
backup : id = 3, version = 9.5, system-id = 1000000000000000095 backup : id = 3, version = 9.5, system-id = 1000000000000000095
HINT: this may be a symptom of repository corruption! HINT: this may be a symptom of repository corruption!
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-upgrade command end: aborted with exception [028] P00 INFO: stanza-upgrade command end: aborted with exception [028]
@ -524,10 +534,12 @@ P01 INFO: backup file db-master:[TEST_PATH]/db-master/db/base/pg_xlog/archive_
P01 INFO: backup file db-master:[TEST_PATH]/db-master/db/base/pg_xlog/archive_status/000000010000000100000001.ready (0B, 100%) P01 INFO: backup file db-master:[TEST_PATH]/db-master/db/base/pg_xlog/archive_status/000000010000000100000001.ready (0B, 100%)
P00 INFO: full backup size = 48MB P00 INFO: full backup size = 48MB
P00 INFO: new backup label = [BACKUP-FULL-2] P00 INFO: new backup label = [BACKUP-FULL-2]
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: backup command end: completed successfully P00 INFO: backup command end: completed successfully
P00 INFO: expire command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --config=[TEST_PATH]/backup/pgbackrest.conf --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-retention-full=2 --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: expire command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --config=[TEST_PATH]/backup/pgbackrest.conf --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-retention-full=2 --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: expire command end: completed successfully P00 INFO: expire command end: completed successfully
@ -601,6 +613,7 @@ stanza-delete db - fail on missing stop file (backup host)
P00 INFO: stanza-delete command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-delete command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 ERROR: [055]: stop file does not exist for stanza 'db' P00 ERROR: [055]: stop file does not exist for stanza 'db'
HINT: has the pgbackrest stop command been run on this server for this stanza? HINT: has the pgbackrest stop command been run on this server for this stanza?
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-delete command end: aborted with exception [055] P00 INFO: stanza-delete command end: aborted with exception [055]
@ -625,6 +638,7 @@ stanza-delete db - successfully delete the stanza (backup host)
> [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db stanza-delete > [CONTAINER-EXEC] backup [BACKREST-BIN] --config=[TEST_PATH]/backup/pgbackrest.conf --stanza=db stanza-delete
------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------
P00 INFO: stanza-delete command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db P00 INFO: stanza-delete command begin [BACKREST-VERSION]: --buffer-size=[BUFFER-SIZE] --compress-level-network=1 --config=[TEST_PATH]/backup/pgbackrest.conf --db-timeout=45 --lock-path=[TEST_PATH]/backup/lock --log-level-console=detail --log-level-file=[LOG-LEVEL-FILE] --log-level-stderr=off --log-path=[TEST_PATH]/backup/log[] --no-log-timestamp --pg1-host=db-master --pg1-host-cmd=[BACKREST-BIN] --pg1-host-config=[TEST_PATH]/db-master/pgbackrest.conf --pg1-host-user=[USER-1] --pg1-path=[TEST_PATH]/db-master/db/base --protocol-timeout=60 --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/ --repo1-s3-bucket=pgbackrest-dev --repo1-s3-endpoint=s3.amazonaws.com --repo1-s3-key=<redacted> --repo1-s3-key-secret=<redacted> --repo1-s3-region=us-east-1 --no-repo1-s3-verify-tls --repo1-type=s3 --stanza=db
P00 DETAIL: socket statistics:[SOCKET-STATISTICS]
P00 DETAIL: tls statistics:[TLS-STATISTICS] P00 DETAIL: tls statistics:[TLS-STATISTICS]
P00 INFO: http statistics:[HTTP-STATISTICS] P00 INFO: http statistics:[HTTP-STATISTICS]
P00 INFO: stanza-delete command end: completed successfully P00 INFO: stanza-delete command end: completed successfully

1
test/lib/pgBackRestTest/Common/LogTest.pm
View File

@ -390,6 +390,7 @@ sub regExpReplaceAll
$strLine = $self->regExpReplace( $strLine = $self->regExpReplace(
$strLine, 'BACKUP-EXPR', 'strExpression \= \_[0-9]{8}\-[0-9]{6}', '\_[0-9]{8}\-[0-9]{6}$', false); $strLine, 'BACKUP-EXPR', 'strExpression \= \_[0-9]{8}\-[0-9]{6}', '\_[0-9]{8}\-[0-9]{6}$', false);
$strLine = $self->regExpReplace($strLine, 'SOCKET-STATISTICS', 'socket statistics\:.*$', '[^\:]+$', false);
$strLine = $self->regExpReplace($strLine, 'TLS-STATISTICS', 'tls statistics\:.*$', '[^\:]+$', false); $strLine = $self->regExpReplace($strLine, 'TLS-STATISTICS', 'tls statistics\:.*$', '[^\:]+$', false);
$strLine = $self->regExpReplace($strLine, 'HTTP-STATISTICS', 'http statistics\:.*$', '[^\:]+$', false); $strLine = $self->regExpReplace($strLine, 'HTTP-STATISTICS', 'http statistics\:.*$', '[^\:]+$', false);

7
test/src/module/command/commandTest.c
View File

@ -121,14 +121,19 @@ testRun(void)
cfgOptionSet(cfgOptLogTimestamp, cfgSourceParam, varNewBool(true)); cfgOptionSet(cfgOptLogTimestamp, cfgSourceParam, varNewBool(true));
tlsClientNew(strNew("BOGUS"), 443, 1000, true, NULL, NULL);
httpClientNew(strNew("BOGUS"), 443, 1000, true, NULL, NULL); httpClientNew(strNew("BOGUS"), 443, 1000, true, NULL, NULL);
harnessLogLevelSet(logLevelDetail);
TEST_RESULT_VOID(cmdEnd(0, NULL), "command end with success"); TEST_RESULT_VOID(cmdEnd(0, NULL), "command end with success");
hrnLogReplaceAdd("\\([0-9]+ms\\)", "[0-9]+", "TIME", false); hrnLogReplaceAdd("\\([0-9]+ms\\)", "[0-9]+", "TIME", false);
TEST_RESULT_LOG( TEST_RESULT_LOG(
"P00 DETAIL: socket statistics: objects 1, sessions 0, retries 0\n"
"P00 DETAIL: tls statistics: objects 1, sessions 0, retries 0\n"
"P00 INFO: http statistics: objects 1, sessions 0, requests 0, retries 0, closes 0\n" "P00 INFO: http statistics: objects 1, sessions 0, requests 0, retries 0, closes 0\n"
"P00 INFO: archive-get command end: completed successfully ([TIME]ms)"); "P00 INFO: archive-get command end: completed successfully ([TIME]ms)");
harnessLogLevelReset();
} }
FUNCTION_HARNESS_RESULT_VOID(); FUNCTION_HARNESS_RESULT_VOID();

43
test/src/module/common/ioTlsTest.c
View File

@ -121,7 +121,9 @@ testRun(void)
{ {
TlsClient *client = NULL; TlsClient *client = NULL;
TEST_ASSIGN(client, tlsClientNew(strNew("99.99.99.99.99"), harnessTlsTestPort(), 0, true, NULL, NULL), "new client"); TEST_ASSIGN(
client, tlsClientNew(sckClientNew(strNew("99.99.99.99.99"), harnessTlsTestPort(), 0), 0, true, NULL, NULL),
"new client");
TEST_RESULT_BOOL(tlsError(client, SSL_ERROR_WANT_READ), true, "continue after want read"); TEST_RESULT_BOOL(tlsError(client, SSL_ERROR_WANT_READ), true, "continue after want read");
TEST_RESULT_BOOL(tlsError(client, SSL_ERROR_ZERO_RETURN), false, "check connection closed error"); TEST_RESULT_BOOL(tlsError(client, SSL_ERROR_ZERO_RETURN), false, "check connection closed error");
@ -135,11 +137,15 @@ testRun(void)
// Connection errors // Connection errors
// ------------------------------------------------------------------------------------------------------------------------- // -------------------------------------------------------------------------------------------------------------------------
TEST_ASSIGN(client, tlsClientNew(strNew("99.99.99.99.99"), harnessTlsTestPort(), 0, true, NULL, NULL), "new client"); TEST_ASSIGN(
client, tlsClientNew(sckClientNew(strNew("99.99.99.99.99"), harnessTlsTestPort(), 0), 0, true, NULL, NULL),
"new client");
TEST_ERROR( TEST_ERROR(
tlsClientOpen(client), HostConnectError, "unable to get address for '99.99.99.99.99': [-2] Name or service not known"); tlsClientOpen(client), HostConnectError, "unable to get address for '99.99.99.99.99': [-2] Name or service not known");
TEST_ASSIGN(client, tlsClientNew(strNew("localhost"), harnessTlsTestPort(), 100, true, NULL, NULL), "new client"); TEST_ASSIGN(
client, tlsClientNew(sckClientNew(strNew("localhost"), harnessTlsTestPort(), 100), 100, true, NULL, NULL),
"new client");
TEST_ERROR_FMT( TEST_ERROR_FMT(
tlsClientOpen(client), HostConnectError, "unable to connect to 'localhost:%u': [111] Connection refused", tlsClientOpen(client), HostConnectError, "unable to connect to 'localhost:%u': [111] Connection refused",
harnessTlsTestPort()); harnessTlsTestPort());
@ -162,10 +168,13 @@ testRun(void)
TEST_ERROR( TEST_ERROR(
tlsClientOpen( tlsClientOpen(
tlsClientNew(strNew("localhost"), harnessTlsTestPort(), 500, true, strNew("bogus.crt"), strNew("/bogus"))), tlsClientNew(
sckClientNew(strNew("localhost"), harnessTlsTestPort(), 500), 500, true, strNew("bogus.crt"),
strNew("/bogus"))),
CryptoError, "unable to set user-defined CA certificate location: [33558530] No such file or directory"); CryptoError, "unable to set user-defined CA certificate location: [33558530] No such file or directory");
TEST_ERROR_FMT( TEST_ERROR_FMT(
tlsClientOpen(tlsClientNew(strNew("localhost"), harnessTlsTestPort(), 500, true, NULL, strNew("/bogus"))), tlsClientOpen(
tlsClientNew(sckClientNew(strNew("localhost"), harnessTlsTestPort(), 500), 500, true, NULL, strNew("/bogus"))),
CryptoError, "unable to verify certificate presented by 'localhost:%u': [20] unable to get local issuer certificate", CryptoError, "unable to verify certificate presented by 'localhost:%u': [20] unable to get local issuer certificate",
harnessTlsTestPort()); harnessTlsTestPort());
@ -173,17 +182,20 @@ testRun(void)
{ {
TEST_RESULT_VOID( TEST_RESULT_VOID(
tlsClientOpen( tlsClientOpen(
tlsClientNew(strNew("test.pgbackrest.org"), harnessTlsTestPort(), 500, true, tlsClientNew(
sckClientNew(strNew("test.pgbackrest.org"), harnessTlsTestPort(), 500), 500, true,
strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)), strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)),
"success on valid ca file and match common name"); "success on valid ca file and match common name");
TEST_RESULT_VOID( TEST_RESULT_VOID(
tlsClientOpen( tlsClientOpen(
tlsClientNew(strNew("host.test2.pgbackrest.org"), harnessTlsTestPort(), 500, true, tlsClientNew(
sckClientNew(strNew("host.test2.pgbackrest.org"), harnessTlsTestPort(), 500), 500, true,
strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)), strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)),
"success on valid ca file and match alt name"); "success on valid ca file and match alt name");
TEST_ERROR( TEST_ERROR(
tlsClientOpen( tlsClientOpen(
tlsClientNew(strNew("test3.pgbackrest.org"), harnessTlsTestPort(), 500, true, tlsClientNew(
sckClientNew(strNew("test3.pgbackrest.org"), harnessTlsTestPort(), 500), 500, true,
strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)), strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)),
CryptoError, CryptoError,
"unable to find hostname 'test3.pgbackrest.org' in certificate common name or subject alternative names"); "unable to find hostname 'test3.pgbackrest.org' in certificate common name or subject alternative names");
@ -192,21 +204,26 @@ testRun(void)
TEST_ERROR_FMT( TEST_ERROR_FMT(
tlsClientOpen( tlsClientOpen(
tlsClientNew( tlsClientNew(
strNew("localhost"), harnessTlsTestPort(), 500, true, strNewFmt("%s/" TEST_CERTIFICATE_PREFIX ".crt", sckClientNew(strNew("localhost"), harnessTlsTestPort(), 500), 500, true,
testRepoPath()), strNewFmt("%s/" TEST_CERTIFICATE_PREFIX ".crt", testRepoPath()),
NULL)), NULL)),
CryptoError, "unable to verify certificate presented by 'localhost:%u': [20] unable to get local issuer certificate", CryptoError, "unable to verify certificate presented by 'localhost:%u': [20] unable to get local issuer certificate",
harnessTlsTestPort()); harnessTlsTestPort());
TEST_RESULT_VOID( TEST_RESULT_VOID(
tlsClientOpen(tlsClientNew(strNew("localhost"), harnessTlsTestPort(), 500, false, NULL, NULL)), "success on no verify"); tlsClientOpen(
tlsClientNew(sckClientNew(strNew("localhost"), harnessTlsTestPort(), 500), 500, false, NULL, NULL)),
"success on no verify");
} }
// ***************************************************************************************************************************** // *****************************************************************************************************************************
if (testBegin("TlsClient general usage")) if (testBegin("TlsClient general usage"))
{ {
TlsClient *client = NULL; TlsClient *client = NULL;
// Reset statistics // Reset statistics
sckClientStatLocal = (SocketClientStat){0};
TEST_RESULT_PTR(sckClientStatStr(), NULL, "no stats yet");
tlsClientStatLocal = (TlsClientStat){0}; tlsClientStatLocal = (TlsClientStat){0};
TEST_RESULT_PTR(tlsClientStatStr(), NULL, "no stats yet"); TEST_RESULT_PTR(tlsClientStatStr(), NULL, "no stats yet");
@ -214,7 +231,8 @@ testRun(void)
ioBufferSizeSet(12); ioBufferSizeSet(12);
TEST_ASSIGN( TEST_ASSIGN(
client, tlsClientNew(harnessTlsTestHost(), harnessTlsTestPort(), 500, testContainer(), NULL, NULL), "new client"); client, tlsClientNew(sckClientNew(harnessTlsTestHost(), harnessTlsTestPort(), 500), 500, testContainer(), NULL, NULL),
"new client");
TEST_RESULT_VOID(tlsClientOpen(client), "open client"); TEST_RESULT_VOID(tlsClientOpen(client), "open client");
const Buffer *input = BUFSTRDEF("some protocol info"); const Buffer *input = BUFSTRDEF("some protocol info");
@ -264,6 +282,7 @@ testRun(void)
TEST_ERROR(tlsWriteContinue(client, 0, SSL_ERROR_ZERO_RETURN, 1), FileWriteError, "unable to write to tls [6]"); TEST_ERROR(tlsWriteContinue(client, 0, SSL_ERROR_ZERO_RETURN, 1), FileWriteError, "unable to write to tls [6]");
// ------------------------------------------------------------------------------------------------------------------------- // -------------------------------------------------------------------------------------------------------------------------
TEST_RESULT_BOOL(sckClientStatStr() != NULL, true, "check statistics exist");
TEST_RESULT_BOOL(tlsClientStatStr() != NULL, true, "check statistics exist"); TEST_RESULT_BOOL(tlsClientStatStr() != NULL, true, "check statistics exist");
TEST_RESULT_VOID(tlsClientFree(client), "free client"); TEST_RESULT_VOID(tlsClientFree(client), "free client");