def ssl_enabled_test(self):
"""Should be able to start with valid ssl options"""
credNode1 = sslkeytool.generate_credentials("127.0.0.1")
credNode2 = sslkeytool.generate_credentials("127.0.0.2", credNode1.cakeystore, credNode1.cacert)
self.setup_nodes(credNode1, credNode2)
self.cluster.start()
self.cql_connection(self.node1)
def ssl_wrong_hostname_no_validation_test(self):
"""Should be able to start with valid ssl options"""
credNode1 = sslkeytool.generate_credentials("127.0.0.80")
credNode2 = sslkeytool.generate_credentials("127.0.0.81", credNode1.cakeystore, credNode1.cacert)
self.setup_nodes(credNode1, credNode2, endpointVerification=False)
self.cluster.start()
time.sleep(2)
self.cql_connection(self.node1)
def ca_mismatch_test(self):
"""CA mismatch should cause nodes to fail to connect"""
credNode1 = sslkeytool.generate_credentials("127.0.0.1")
credNode2 = sslkeytool.generate_credentials("127.0.0.2") # mismatching CA!
self.setup_nodes(credNode1, credNode2)
self.allow_log_errors = True
self.cluster.start(no_wait=True)
found = self._grep_msg(self.node1, _LOG_ERR_SIG)
self.cluster.stop()
self.assertTrue(found)
def ssl_wrong_hostname_with_validation_test(self):
"""Should be able to start with valid ssl options"""
credNode1 = sslkeytool.generate_credentials("127.0.0.80")
credNode2 = sslkeytool.generate_credentials("127.0.0.81", credNode1.cakeystore, credNode1.cacert)
self.setup_nodes(credNode1, credNode2, endpointVerification=True)
self.allow_log_errors = True
self.cluster.start(no_wait=True)
found = self._grep_msg(self.node1, _LOG_ERR_IP, _LOG_ERR_HOST)
self.assertTrue(found)
found = self._grep_msg(self.node2, _LOG_ERR_IP, _LOG_ERR_HOST)
self.assertTrue(found)
self.cluster.stop()
self.assertTrue(found)