Commit a4f5dc39 authored by Levin Zimmermann's avatar Levin Zimmermann

go/neo: Expand user prefix in TLS key/cert paths

This patch fixes a discrepancy between NEO/py and NEO/go: NEO/py expands
the '~' and the '~username' prefix in the file path of the TLS
certificate/key files [1]. This syntax is used in NEO/py SlapOS SR [2].
We need to fix this discrepancy in NEO/go in order to use TLS encryption
with NEO + WCFS.

[1] https://lab.nexedi.com/nexedi/neoppod/blob/7c539f0f/neo/lib/config.py#L149
and https://lab.nexedi.com/nexedi/neoppod/blob/fa63d856/neo/lib/app.py#L25-31

[2] https://lab.nexedi.com/nexedi/slapos/blob/397726e1/stack/erp5/instance-zodb-base.cfg.in#L18-20
and https://lab.nexedi.com/nexedi/slapos/blob/a8150a1a/software/neoppod/instance-neo-input-schema.json#L62
parent 56496067
// Copyright (C) 2018-2020 Nexedi SA and Contributors. // Copyright (C) 2018-2023 Nexedi SA and Contributors.
// Kirill Smelkov <kirr@nexedi.com> // Kirill Smelkov <kirr@nexedi.com>
// //
// This program is free software: you can Use, Study, Modify and Redistribute // This program is free software: you can Use, Study, Modify and Redistribute
...@@ -30,10 +30,10 @@ import ( ...@@ -30,10 +30,10 @@ import (
"lab.nexedi.com/kirr/go123/xnet/lonet" "lab.nexedi.com/kirr/go123/xnet/lonet"
"lab.nexedi.com/kirr/go123/xstrings" "lab.nexedi.com/kirr/go123/xstrings"
"lab.nexedi.com/kirr/neo/go/neo/internal/xpath/xfilepath"
"lab.nexedi.com/kirr/neo/go/neo/internal/xtls" "lab.nexedi.com/kirr/neo/go/neo/internal/xtls"
) )
// Config specifies network configuration for Join. // Config specifies network configuration for Join.
// //
// Empty config means to use plain TCP networking for inter-node exchange. // Empty config means to use plain TCP networking for inter-node exchange.
...@@ -47,7 +47,6 @@ type Config struct { ...@@ -47,7 +47,6 @@ type Config struct {
LoNode string LoNode string
} }
// Join returns network access-point suitable for interoperating with nodes in // Join returns network access-point suitable for interoperating with nodes in
// a NEO cluster according to config. // a NEO cluster according to config.
func Join(ctx context.Context, cfg Config) (net xnet.Networker, err error) { func Join(ctx context.Context, cfg Config) (net xnet.Networker, err error) {
...@@ -93,7 +92,10 @@ func Join(ctx context.Context, cfg Config) (net xnet.Networker, err error) { ...@@ -93,7 +92,10 @@ func Join(ctx context.Context, cfg Config) (net xnet.Networker, err error) {
} }
if ssl { if ssl {
tlsCfg, err := xtls.ConfigForP2P(cfg.CA, cfg.Cert, cfg.Key) xu := xfilepath.ExpandUser // Expand user for compatibility with NEO/py:
// https://lab.nexedi.com/nexedi/neoppod/blob/7c539f0f/neo/lib/config.py#L149
// https://lab.nexedi.com/nexedi/neoppod/blob/fa63d856/neo/lib/app.py#L25-31
tlsCfg, err := xtls.ConfigForP2P(xu(cfg.CA), xu(cfg.Cert), xu(cfg.Key))
if err != nil { if err != nil {
return nil, err return nil, err
} }
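Review bot: In Join, the `xtls.ConfigForP2P(xu(cfg.CA), xu(cfg.Cert), xu(cfg.Key))` call now takes the CA, certificate and key locations from whatever `xfilepath.ExpandUser` resolves `~` / `~username` to, and neither the resolved paths nor an expansion failure is surfaced. ExpandUser's body is not part of this diff; because it is used as a single-value expression, it presumably returns its input unchanged when the lookup fails, so the resulting error would name a literal `~user/...` path. Since the CA file is the trust anchor for peer verification, it would help to bind the results first (`ca, cert, key := xu(cfg.CA), xu(cfg.Cert), xu(cfg.Key)`) and include them in the returned error or a log line, so an unexpected home directory (for example a service started with a different HOME) is visible. The Config doc comment should also state the new contract, e.g. `// CA, Cert and Key may start with ~ or ~username; the prefix is expanded before the files are read.` Join's body and the Config fields start and end outside the hunks shown.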