Fix ssl tests (#2042)

* Revert "Reverted bad modification #2035" This reverts commit 6d6eca5e. * spaces * fix * better * Revert "Disabled ill-formed test #2035" This reverts commit b28cef98. * debug * fix * fix * fix * fix * fix * fix * clean * Tests compile fix

Fix ssl tests (#2042)
* Revert "Reverted bad modification #2035" This reverts commit 6d6eca5e. * spaces * fix * better * Revert "Disabled ill-formed test #2035" This reverts commit b28cef98. * debug * fix * fix * fix * fix * fix * fix * clean * Tests compile fix
d056d7e5 · proller · GitHub · fd4c0403 · d056d7e5 · d056d7e5
7 changed file
--- a/dbms/tests/CMakeLists.txt
+++ b/dbms/tests/CMakeLists.txt
@@ -25,6 +25,12 @@ add_subdirectory (external_dictionaries)
 if (ENABLE_TESTS)
    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CTestCustom.cmake ${CMAKE_BINARY_DIR})

+    if ($ENV{TEST_OPT})
+        set(TEST_OPT $ENV{TEST_OPT})
+    else ()
+        set(TEST_OPT "--skip compile")
+    endif ()
+
    # maybe add --no-long ?
-    add_test(NAME with_server COMMAND bash -c "env BUILD_DIR=${ClickHouse_BINARY_DIR} TEST_OPT='--skip compile' ${CMAKE_CURRENT_SOURCE_DIR}/clickhouse-test-server")
+    add_test(NAME with_server COMMAND bash -c "env BUILD_DIR=${ClickHouse_BINARY_DIR} TEST_OPT='${TEST_OPT}' ${CMAKE_CURRENT_SOURCE_DIR}/clickhouse-test-server")
 endif ()
--- a/dbms/tests/clickhouse-test-server
+++ b/dbms/tests/clickhouse-test-server
@@ -23,7 +23,7 @@ export CLICKHOUSE_CONFIG=${CLICKHOUSE_CONFIG:=${CONFIG_SERVER_DIR}server-test.xm
 [ ! -d "$QUERIES_DIR" ] && QUERIES_DIR=${QUERIES_DIR=/usr/share/clickhouse-test/queries}

 rm -rf $DATA_DIR
-mkdir -p $LOG_DIR $DATA_DIR
+mkdir -p $LOG_DIR

 openssl dhparam -out `${BIN_DIR}clickhouse-extract-from-config --config=$CLICKHOUSE_CONFIG  --key=openSSL.server.dhParamsFile` 256
 openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout `${BIN_DIR}clickhouse-extract-from-config --config=$CLICKHOUSE_CONFIG  --key=openSSL.server.privateKeyFile` -out `${BIN_DIR}clickhouse-extract-from-config --config=$CLICKHOUSE_CONFIG  --key=openSSL.server.certificateFile`

--- a/dbms/tests/client-test.xml
+++ b/dbms/tests/client-test.xml
@@ -2,4 +2,16 @@
 <yandex>
    <tcp_port>59000</tcp_port>
    <tcp_ssl_port>59440</tcp_ssl_port>
+    <openSSL>
+        <client>
+            <loadDefaultCAFile>true</loadDefaultCAFile>
+            <cacheSessions>true</cacheSessions>
+            <disableProtocols>sslv2,sslv3</disableProtocols>
+            <preferServerCiphers>true</preferServerCiphers>
+            <verificationMode>none</verificationMode>
+            <invalidCertificateHandler>
+                <name>AcceptCertificateHandler</name>
+            </invalidCertificateHandler>
+        </client>
+    </openSSL>
 </yandex>
--- a/dbms/tests/queries/0_stateless/00505_tcp_ssl.sh.disabled
+++ b/dbms/tests/queries/0_stateless/00505_tcp_ssl.sh.disabled
--- a/dbms/tests/server-test.xml
+++ b/dbms/tests/server-test.xml
@@ -35,10 +35,9 @@
            <cacheSessions>true</cacheSessions>
            <disableProtocols>sslv2,sslv3</disableProtocols>
            <preferServerCiphers>true</preferServerCiphers>
-            <!-- Use for self-signed: <verificationMode>none</verificationMode> -->
+            <verificationMode>none</verificationMode>
            <invalidCertificateHandler>
-                <!-- Use for self-signed: <name>AcceptCertificateHandler</name> -->
-                <name>RejectCertificateHandler</name>
+                <name>AcceptCertificateHandler</name>
            </invalidCertificateHandler>
        </client>
    </openSSL>

--- a/debian/pbuilder-hooks/B90test-server
+++ b/debian/pbuilder-hooks/B90test-server
@@ -16,8 +16,12 @@ ln -fs /usr/share/zoneinfo/Europe/Moscow /etc/localtime
 echo 'Europe/Moscow' > /etc/timezone
 dpkg-reconfigure -f noninteractive tzdata

-pwd
-mkdir -p /etc/clickhouse-server/config.d
+mkdir -p /etc/clickhouse-server/config.d /etc/clickhouse-client/config.d
+echo "<yandex><https_port>8443</https_port><tcp_ssl_port>9440</tcp_ssl_port></yandex>" > /etc/clickhouse-server/config.d/ssl.xml
+echo "<yandex><openSSL><client><verificationMode>none</verificationMode><invalidCertificateHandler><name>AcceptCertificateHandler</name></invalidCertificateHandler></client></openSSL></yandex>" > /etc/clickhouse-client/config.d/ssl.xml
+
+openssl dhparam -out /etc/clickhouse-server/dhparam.pem 256
+openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt

 service clickhouse-server start
 sleep 3
@@ -25,8 +29,8 @@ sleep 3
 # TODO: remove me or make only on error:
 tail -n100 /var/log/clickhouse-server/*

-clickhouse-client -q "SELECT * from system.build_options;"
-clickhouse-client -q "SELECT toDateTime(1);"
+clickhouse-client --ssl -q "SELECT * from system.build_options;"
+clickhouse-client --ssl -q "SELECT toDateTime(1);"


 ( [ "${TEST_RUN}" ] && clickhouse-test --queries /usr/share/clickhouse-test/queries --tmp /tmp/clickhouse-test/ ${TEST_OPT} ) || ${TEST_TRUE:=true}

--- a/debian/pbuilder-hooks/ssl.xml
+++ b/debian/pbuilder-hooks/ssl.xml
-<yandex>
-    <https_port>8443</https_port>
-    <tcp_ssl_port>9440</tcp_ssl_port>
-</yandex>