Allow plain connection after ssl deny #526
This will come in handy lately.
This will reset the state of the client connection, so it will be ready for new startup packets.
self.tearDown() | ||
raise | ||
|
||
def testPlainConnectionAfterDeny(self): |
I suggest rewriting this function:

```python
def testPlainConnectionAfterDeny(self):
    # Declare a fully async function so run_until_complete is called once.
    # Better to separate async and sync code.
    async def _testPlainConnectionAfterDeny():
        conn = await asyncpg.connect(...)
        await conn.fetch(...)

    # Create a new loop to avoid concurrent usage of the loop in the current
    # thread and allow parallel execution in the future.
    loop = asyncio.new_event_loop()
    loop.run_until_complete(_testPlainConnectionAfterDeny())
```
decryptor/postgresql/pg_decryptor.go
Outdated
return errors.New("can't stop background goroutine") | ||
} | ||
|
||
// TODO: why twice? |
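Review bot: `// TODO: why twice?` at the end of this hunk records an open question rather than an explanation. Before merging, replace it with a comment that states why the step is repeated, or remove the repetition and confirm with tests that nothing depends on it.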
Actually, I don't remember) Maybe to be sure)
Or you can remove it and run several tests to check whether it breaks something or not.
Ohh, I guess this resets the timeout, because it uses `time.Time{}` instead of `time.Now()`
decryptor/postgresql/pg_decryptor.go
Outdated
@@ -408,6 +408,41 @@ func (proxy *PgProxy) sendClientError(msg string, logger *log.Entry) error { | |||
return nil | |||
} | |||
|
|||
// stopClientThread sends a signal to a client thread to stop. Returns error in | |||
// case of an error or timeout. Is used to stop and reload client with TLS | |||
func (proxy *PgProxy) stopClientThread(logger *log.Entry) error { |
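Review bot: the doc comment on `stopClientThread` says it "Returns error in case of an error or timeout" but names neither the timeout nor the state the client connection is left in when the stop fails. State both, and since the comment only mentions reloading "with TLS", also mention the plain startup after an SSL deny that this PR is about, so callers know whether the connection is still usable after an error.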
Maybe let's name it `stopClientGoroutine` or `stopProxyClientConnection`, as the opposite of `ProxyClientConnection`?
To separate async and sync code.
To be more consistent with `ProxyClientConnection`
Right now, if some clients receive `SSL deny` from the server, they can try to start a plain connection by sending a plain Startup message. The last one would then be served not as a startup, but as a general one, which will hang a connection.

This PR fixes this by reloading the client thread after `ssl deny` to expect a startup message again.

There are a couple of `TODO`s, which I hope you will help me to resolve.

Checklist
- Public API has proper documentation in the Acra documentation site or has PR on documentation repository with new changes
- CHANGELOG.md is updated (in case of notable or breaking changes)
- Benchmark results are attached (if applicable)
- Example projects and code samples are up-to-date (in case of API changes)
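
An added illustration, not Acra's code, of why a plain Startup packet must not be served as a general message: in the PostgreSQL wire protocol startup packets carry no type byte, so typed framing misreads the length and a reader waits for bytes that never arrive. The helper names and the `user`/`test` parameters are constructed for this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const (
	sslRequestCode = 80877103 // SSLRequest code from the PostgreSQL protocol
	protocolV3     = 196608   // StartupMessage protocol version 3.0
)

// buildStartup builds a constructed plain StartupMessage: Int32 length,
// Int32 version, NUL-terminated key/value strings, final NUL. No type byte.
func buildStartup(params ...string) []byte {
	pkt := make([]byte, 8)
	for _, p := range params {
		pkt = append(append(pkt, p...), 0)
	}
	pkt = append(pkt, 0)
	binary.BigEndian.PutUint32(pkt[0:4], uint32(len(pkt)))
	binary.BigEndian.PutUint32(pkt[4:8], protocolV3)
	return pkt
}

// parseAsStartup applies the untyped framing expected right after connect
// (and again after the server answers SSLRequest with a deny).
func parseAsStartup(pkt []byte) (kind string, length uint32) {
	length = binary.BigEndian.Uint32(pkt[0:4])
	switch binary.BigEndian.Uint32(pkt[4:8]) {
	case sslRequestCode:
		return "SSLRequest", length
	case protocolV3:
		return "Startup", length
	}
	return "unknown", length
}

// bytesAwaited applies the typed framing of regular messages (1-byte type,
// Int32 length) and returns the type plus the bytes a reader still waits for.
func bytesAwaited(pkt []byte) (msgType byte, missing int) {
	length := int(binary.BigEndian.Uint32(pkt[1:5]))
	return pkt[0], 1 + length - len(pkt)
}

func main() {
	pkt := buildStartup("user", "test") // constructed sample parameters
	kind, n := parseAsStartup(pkt)
	t, missing := bytesAwaited(pkt)
	fmt.Printf("startup framing: %s len=%d; typed framing: type=%#x, waits for %d more bytes\n", kind, n, t, missing)
}
```
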