undo client config change

etcd-io · Sep 18, 2021 · 6702671 · 6702671
1 parent ef9b5ca
commit 6702671
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/client/pkg/transport/listener.go b/client/pkg/transport/listener.go
@@ -340,7 +340,7 @@ func (info *TLSInfo) loadTLSConfig() *tls.Config {
 	if info.Logger != nil {
 		info.Logger.Info("tls config reload from files")
 	}
-	cfg, err := info.newTlsConfig()
+	cfg, err := info.serverConfig()
 	if err == nil {
 		info.tlsConfig.Store(cfg)
 	} else {
@@ -364,7 +364,7 @@ func (info *TLSInfo) tlsConfigRefreshLoop() {
 	}
 }
 
-func (info *TLSInfo) newTlsConfig() (*tls.Config, error) {
+func (info *TLSInfo) baseConfig() (*tls.Config, error) {
 	if info.KeyFile == "" || info.CertFile == "" {
 		return nil, fmt.Errorf("KeyFile and CertFile must both be present[key: %v, cert: %v]", info.KeyFile, info.CertFile)
 	}
@@ -450,7 +450,14 @@ func (info *TLSInfo) newTlsConfig() (*tls.Config, error) {
 			return errors.New("client certificate authentication failed")
 		}
 	}
+	return cfg, nil
+}
 
+func (info *TLSInfo) serverConfig() (*tls.Config, error) {
+	cfg, err := info.baseConfig()
+	if err != nil {
+		return nil, err
+	}
 	cfg.ClientAuth = tls.NoClientCert
 	if info.TrustedCAFile != "" || info.ClientCertAuth {
 		cfg.ClientAuth = tls.RequireAndVerifyClientCert
@@ -559,7 +566,7 @@ func (info *TLSInfo) ClientConfig() (*tls.Config, error) {
 	var err error
 
 	if !info.Empty() {
-		cfg, err = info.newTlsConfig()
+		cfg, err = info.baseConfig()
 		if err != nil {
 			return nil, err
 		}

diff --git a/client/pkg/transport/listener_test.go b/client/pkg/transport/listener_test.go
@@ -392,7 +392,7 @@ func TestNewTransportTLSInfo(t *testing.T) {
 
 func TestTLSInfoNonexist(t *testing.T) {
 	tlsInfo := TLSInfo{CertFile: "@badname", KeyFile: "@badname"}
-	_, err := tlsInfo.newTlsConfig()
+	_, err := tlsInfo.serverConfig()
 	werr := &os.PathError{
 		Op:   "open",
 		Path: "@badname",
@@ -441,10 +441,10 @@ func TestTLSInfoMissingFields(t *testing.T) {
 	}
 
 	for i, info := range tests {
-		_, err = info.newTlsConfig()
+		_, err = info.serverConfig()
 
 		if err == nil {
-			t.Errorf("#%d: expected non nil error from newTlsConfig()", i)
+			t.Errorf("#%d: expected non nil error from serverConfig()", i)
 		}
 
 		if _, err = info.ClientConfig(); err == nil {
@@ -475,7 +475,7 @@ func TestTLSInfoParseFuncError(t *testing.T) {
 	for i, tt := range tests {
 		tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, errors.New("fake"))
 
-		if _, err = tt.info.newTlsConfig(); err == nil {
+		if _, err = tt.info.serverConfig(); err == nil {
 			t.Errorf("#%d: expected non-nil error from ServerConfig()", i)
 		}
 
@@ -514,7 +514,7 @@ func TestTLSInfoConfigFuncs(t *testing.T) {
 	for i, tt := range tests {
 		tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)
 
-		sCfg, err := tt.info.newTlsConfig()
+		sCfg, err := tt.info.serverConfig()
 		if err != nil {
 			t.Errorf("#%d: expected nil error from ServerConfig(), got non-nil: %v", i, err)
 		}