Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow plain connection after ssl deny #526

Merged
merged 9 commits into from
Apr 15, 2022

Conversation

G1gg1L3s
Copy link
Contributor

Right now, if some clients receive SSL deny from the server, they can try to start plain connection by sending plain Startup message. The last one would then be served not as a startup, but as a general one, which will hang a connection.

This PR fixes this by reloading client thread after ssl deny to expect startup message again.

There are a couple of TODOs, which I hope you will help me to resolve.

Checklist

self.tearDown()
raise

def testPlainConnectionAfterDeny(self):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to rewrite this function:

def testPlainConnectionAfterDeny():
    # declare fully async function to call run_until_complete once. better to separate async and sync code
    async def _testPlainConnectionAfterDeny(self):
      conn = await async.connect(...)
      conn.fetch(...)

    loop = asyncio.new_event_loop()  # create new to avoid concurrent usage of the loop in the current thread and allow parallel execution in the future
    loop.run_until_complete(_testPlainConnectionAfterDeny())

return errors.New("can't stop background goroutine")
}

// TODO: why twice?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually I don't remember) maybe to be sure)
or you can remove it and run several tests to check is it break something or not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ohh, I guess this resets the timeout, because it uses time.Time{} instead of time.Now()

@@ -408,6 +408,41 @@ func (proxy *PgProxy) sendClientError(msg string, logger *log.Entry) error {
return nil
}

// stopClientThread sends a signal to a client thread to stop. Returns error in
// case of an error or timeout. Is used to stop and reload client with TLS
func (proxy *PgProxy) stopClientThread(logger *log.Entry) error {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe lets name stopClientGoroutine or stopProxyClientConnection as opposite to ProxyClientConnection?

To separate async and sync code.
To be more consistent with `ProxyClientConnection`
@G1gg1L3s G1gg1L3s merged commit 211ca1d into master Apr 15, 2022
@G1gg1L3s G1gg1L3s deleted the G1gg1L3s/T2523-allow-plain-connection-after-ssl branch April 15, 2022 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants