From f72db865ff5271e78cce9aeaf703778057fcd576 Mon Sep 17 00:00:00 2001 From: Alik Kurdyukov Date: Wed, 6 Mar 2024 21:10:17 +0400 Subject: [PATCH] Fix for verify=False ignoring (#421) * fixed verify=False implementation * fixed flake8 errors * trying to fix build * fixing top-level element usage * fixing build * fixing the build (2) * fixing the build (3) * fixing the build (4) * valgrind config fix * review fixes --- .github/workflows/actions.yml | 2 ++ clickhouse_driver/connection.py | 2 +- docs/development.rst | 2 +- setup.cfg | 1 + .../certs/dhparam.pem | 13 +++++++++ .../clickhouse_server_config/certs/server.crt | 19 +++++++++++++ .../clickhouse_server_config/certs/server.csr | 16 +++++++++++ .../clickhouse_server_config/certs/server.key | 28 +++++++++++++++++++ .../certs/tests_ca.crt | 19 +++++++++++++ .../certs/tests_ca.key | 28 +++++++++++++++++++ .../certs/tests_ca.srl | 1 + tests/clickhouse_server_config/clickhouse.xml | 17 +++++++++++ tests/clickhouse_server_config/yandex.xml | 17 +++++++++++ tests/docker-compose.yml | 4 +++ tests/test_connect.py | 5 ++++ tests/testcase.py | 1 + 16 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 tests/clickhouse_server_config/certs/dhparam.pem create mode 100644 tests/clickhouse_server_config/certs/server.crt create mode 100644 tests/clickhouse_server_config/certs/server.csr create mode 100644 tests/clickhouse_server_config/certs/server.key create mode 100644 tests/clickhouse_server_config/certs/tests_ca.crt create mode 100644 tests/clickhouse_server_config/certs/tests_ca.key create mode 100644 tests/clickhouse_server_config/certs/tests_ca.srl create mode 100644 tests/clickhouse_server_config/clickhouse.xml create mode 100644 tests/clickhouse_server_config/yandex.xml diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 7c791fc0..4b03ebd1 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -70,6 +70,7 @@ jobs: run: | echo "VERSION=${{ matrix.clickhouse-version }}" > tests/.env if [[ "${{ matrix.clickhouse-version }}" > "21.7" ]]; then echo "ORG=clickhouse"; else echo "ORG=yandex" ; fi >> tests/.env + if [[ "21.10" = "`echo -e "21.10\n${{ matrix.clickhouse-version }}" | sort -V | head -n1`" ]]; then echo "TOP_LEVEL=clickhouse"; else echo "TOP_LEVEL=yandex" ; fi >> tests/.env docker-compose -f tests/docker-compose.yml up -d - name: Setup clickhouse-client proxy for docker run: | @@ -140,6 +141,7 @@ jobs: run: | echo "VERSION=$VERSION" > tests/.env if [[ "$VERSION" > "21.7" ]]; then echo "ORG=clickhouse"; else echo "ORG=yandex" ; fi >> tests/.env + if [[ "21.10" = "`echo -e "21.10\n$VERSION" | sort -V | head -n1`" ]]; then echo "TOP_LEVEL=clickhouse"; else echo "TOP_LEVEL=yandex" ; fi >> tests/.env docker-compose -f tests/docker-compose.yml up -d env: VERSION: 20.3.7.46 diff --git a/clickhouse_driver/connection.py b/clickhouse_driver/connection.py index 677140fb..4702db19 100644 --- a/clickhouse_driver/connection.py +++ b/clickhouse_driver/connection.py @@ -314,7 +314,7 @@ def _create_ssl_context(self, ssl_options): context.set_ciphers(ssl_options['ciphers']) if 'cert_reqs' in ssl_options: - context.options = ssl_options['cert_reqs'] + context.verify_mode = ssl_options['cert_reqs'] if 'certfile' in ssl_options: keyfile = ssl_options.get('keyfile') diff --git a/docs/development.rst b/docs/development.rst index eb006052..9659366f 100644 --- a/docs/development.rst +++ b/docs/development.rst @@ -45,7 +45,7 @@ Create container desired version of ``clickhouse-server``: .. code-block:: bash - docker run --rm -e "TZ=Europe/Moscow" -p 127.0.0.1:9000:9000 --name test-clickhouse-server clickhouse/clickhouse-server:$VERSION + docker run --rm -e "TZ=Europe/Moscow" -p 127.0.0.1:9000:9000 -p 127.0.0.1:9440:9440 --name test-clickhouse-server clickhouse/clickhouse-server:$VERSION Create container with the same version of ``clickhouse-client``: diff --git a/setup.cfg b/setup.cfg index 30baacea..7b057429 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,6 +1,7 @@ [db] host=localhost port=9000 +secure_port=9440 database=test user=default password= diff --git a/tests/clickhouse_server_config/certs/dhparam.pem b/tests/clickhouse_server_config/certs/dhparam.pem new file mode 100644 index 00000000..a7eaa18e --- /dev/null +++ b/tests/clickhouse_server_config/certs/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICDAKCAgEA66P8i6eWye0lVlAeAxDdF2fqHh93OjEVaiSRwqojyq0L4UeXDPkx +xWtQujZG4xvxyBH9udpqBmtoyNLgMShiMeCEZKQ4YTYOZIEsJU6GxADevDjAArwg +BB3Qri3YL/u3zKxvFd36NIHj5/gOrCoC7c8R2NA8wDIOP+SPD1Tdk7i5yYk1u7SB +m7O2tyK+ZrU4lF6k4lpLryDPjYPavAXia3DXUqCJdAwtqTz/jR3QmuaT1iPENnR7 +/Xgm3JiKQLkOMBJLdLJqL/43KtnRboMhsqjDO4go039GLVSp6yFQ4V/NbuEFKLhH +d4DJJYc3zmS94Oq9UNWDEsokTMAT/4mPpLNVCXOLR4yoaOW5qikq08PytFNV7dKa +Pbbgy6yC/NSt5CB9MfdfY0IU1ddMgE+sBbCBxFCZdXUXx3eNCtziqQLGmg++RjBV +qJgeMqc+dFKkOb6alJNUkO0svuelcjAWVJ0kZ9FIDPb36I8VmEVpxaHB2dRKrQPO +z3Yj4fx7VIMILFg/8Wfm5Vu19BvQRTIpjPdVl3uHs/UyEQSs1g37LnGWCiBN9OhV +uQe4yDVlUficWYmWRF/rwkPL/3cUQrWyQfbzSapGWMLDown7+jcAuXZyZNvskmYB +cgF4BYbEM8cJrlmMbJNYkT522T5mxiiVEMxD6yUIymU586rYWjBOu6cCAQICAgFF +-----END DH PARAMETERS----- diff --git a/tests/clickhouse_server_config/certs/server.crt b/tests/clickhouse_server_config/certs/server.crt new file mode 100644 index 00000000..59ca3194 --- /dev/null +++ b/tests/clickhouse_server_config/certs/server.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAe2gAwIBAgIUbWRGuPelwmGh762nyTO5l+IzrVowDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOdGVzdHMubG9jYWwgQ0EwHhcNMjQwMzAzMTk0MzU2WhcN +MjUwMzAzMTk0MzU2WjAcMRowGAYDVQQDDBFjbGlja2hvdXNlLXNlcnZlcjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSLt5AVi1uHiU/eg8XsXmWmDnAk +fbRC1jzgfP53jTVJdCBU4dMNdi6lNnnCcuIySx+oOiQZ6OwR2tqs1trwnKxgyqnH +WDexZL04sPlvS8EqD/JiTqQW297YI6ev+1SiChfoF88gH62zInfj4wiLmxw+kJgL +F/zCuIz4oFNs+Eu5XDcB35/Ec1d/1deIQkP6jtyLs+scytME2Oy8kgy8aXU1vf5R +zqgek8sYF4LPwOd3uXnhRAdMs+9kgFUKwN12rin5BviQmuylN3CS0BWflYu4Jnzv ++Fwb5ofCfUvmM6W1WgkSkfwFjCvWeUxZVJZm+BbX6C0tOPjy1oTYtRLhLqkCAwEA +AaNCMEAwHQYDVR0OBBYEFPxxrwgl2071sxoU6HEKgT5pkXr3MB8GA1UdIwQYMBaA +FFgOIk+h1x8iFcZ2wIsf9PMYSdJpMA0GCSqGSIb3DQEBCwUAA4IBAQAggmdsCr/G +ZWe5KMSYK3KSiQHnvAb05uKLL1tP4vb9TGO/ailWBL/b+mH09s8OwEMx68Yo91SR +GtYvF4ri/f4y4sqesmbNoqRD9EdXZhItF/K4WbMIlu0+URP7AIytA2UDk32vhf86 +sHpLV7sbfgFbEWfV5xuWsZeSVJXpiq4HQoJuXoQahHclDOHNPC2NyWLWLKHLLPTJ +LVqtb52/dajVmvX5HiwqSpLt/7XBsYex1IqsI16oouo2oe2FcjIBNK6A5weEGhoZ +n7XgItP7uLqvhUmEcmFB24ts/6FXSc5bxHk0GkQVKT48CvM0UemRgVVRkaywqNNv +Oh9OMh6TqP4h +-----END CERTIFICATE----- diff --git a/tests/clickhouse_server_config/certs/server.csr b/tests/clickhouse_server_config/certs/server.csr new file mode 100644 index 00000000..dbf243d5 --- /dev/null +++ b/tests/clickhouse_server_config/certs/server.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICljCCAX4CAQAwHDEaMBgGA1UEAwwRY2xpY2tob3VzZS1zZXJ2ZXIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUi7eQFYtbh4lP3oPF7F5lpg5wJH20 +QtY84Hz+d401SXQgVOHTDXYupTZ5wnLiMksfqDokGejsEdrarNba8JysYMqpx1g3 +sWS9OLD5b0vBKg/yYk6kFtve2COnr/tUogoX6BfPIB+tsyJ34+MIi5scPpCYCxf8 +wriM+KBTbPhLuVw3Ad+fxHNXf9XXiEJD+o7ci7PrHMrTBNjsvJIMvGl1Nb3+Uc6o +HpPLGBeCz8Dnd7l54UQHTLPvZIBVCsDddq4p+Qb4kJrspTdwktAVn5WLuCZ87/hc +G+aHwn1L5jOltVoJEpH8BYwr1nlMWVSWZvgW1+gtLTj48taE2LUS4S6pAgMBAAGg +NTAzBgkqhkiG9w0BCQ4xJjAkMCIGA1UdEQQbMBmCEWNsaWNraG91c2Utc2VydmVy +hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCsVsVB7VAofJUtr3L/hcj/PExccdKf +RYBcZQP3ekdY07V69B/FeLFxDHrWkoWV5vcI8g+87FpEUNR8tn7GrbEtiQe7elxY +kAzddwIlz8YqjeyVyd7FUpUtPts7I9YvglGg/y7yIlGxwvcg8lP+rkC6A6H5Q/tj +zsUMbRZvC84BZIwxswj9yvoQhH79HRUsN8rv3T9as6PwbKKGcRRfPvBBk0T0uecZ +PYFSbpZD9Zt5VLtUy/A/Q5skS8mLUV9/BZk2P/8nTLsZvg+rxSEyDa7d7QP5uNF9 +7jOFh2tF9JOl0yxAWPtAnesiAfA82Y2xeV5GqgwJnPcV2Xhj6VwDBC8F +-----END CERTIFICATE REQUEST----- diff --git a/tests/clickhouse_server_config/certs/server.key b/tests/clickhouse_server_config/certs/server.key new file mode 100644 index 00000000..28c70107 --- /dev/null +++ b/tests/clickhouse_server_config/certs/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDUi7eQFYtbh4lP +3oPF7F5lpg5wJH20QtY84Hz+d401SXQgVOHTDXYupTZ5wnLiMksfqDokGejsEdra +rNba8JysYMqpx1g3sWS9OLD5b0vBKg/yYk6kFtve2COnr/tUogoX6BfPIB+tsyJ3 +4+MIi5scPpCYCxf8wriM+KBTbPhLuVw3Ad+fxHNXf9XXiEJD+o7ci7PrHMrTBNjs +vJIMvGl1Nb3+Uc6oHpPLGBeCz8Dnd7l54UQHTLPvZIBVCsDddq4p+Qb4kJrspTdw +ktAVn5WLuCZ87/hcG+aHwn1L5jOltVoJEpH8BYwr1nlMWVSWZvgW1+gtLTj48taE +2LUS4S6pAgMBAAECggEAFAz8K6EErQVLvFei+bxzKUaxjP28SBGYEVUiJYVUsma0 +CErJpPXbpMncKj9gRBt3f8yIc5hoI0EJ8uAkQrI5LX/SDpMqLNLUzI75DwbjUB0u +NPD2Nz+azVp5fpu464J/zkKMYHNI2cOQ6Ft8svUslE0Iqfc984/RBid8RHJ+t/Hf ++ycFra5rdYEEn5fe/B9XWqrimYONO2f6fY0qJ3hV2HG/dRu5S8D7J63HnEJxoKtG +gcxNBF46mnVTDZspD7V2fYKeRTp2SP6xkZdbAK5mrW7IwZuZstorbZ/H+jY6YlSw +XkQ5OrvOITaaC5xBRR1psR8709UZffIDfMdnOQwJqQKBgQD4MrL5nTl76hPwQXb/ +1B2QoKaInGUwOINFWVK9OgwUHjCEW5bZ1TEb0iXZC8DCh/X3JLhVykp/CJZNjZ1U +q+SSkcE0UXMIP6+MKEvIJVBCAuwgd9ZKIYuGM1dN90wxlYvJnH6SYjqLLag5Tapa +lBoAbGYqg8WqRAcC8LEOCUmsjQKBgQDbOh3hHY6Vdg5KYy2exnk+f2EHGeAXCK6X +Iregf9qovj6j6ccNHDT2Qf3DkR9Fdu05ZWD2U5C7PU7e6V9botwdauoB0mr2Yszc +EaTQfjIT9eLE2XaLUw/Q5105+PAxc4QScc/0y5VtujjMUKhGCbnF2fubtIEyHk1i +dn287Fj5jQKBgEZecXnuBr9INZD3rpqH9D3uHmk7FkFetHE0Cw5VZ9lIWe8c3J80 +H7FImqx39ZXx4F3KzmycZxSvRZYFYacA+VRI+OMxeJDNJaNyRVIgqimdFH98Goh4 +DEvnQIh9Zd/lC3YE5anxKbIOJtTgXT1DIkAee7TwGVnV4bsGrNxS6819AoGBALdX +Rk/TYUB8B/2MLkYAJLvw2ZuPt0psN18saLew1ZST7l01EQRU17IvhGO/BZEZodGD +iHDZeEwvPLvOHrLLZByyIlw9trix7jQKCXVYZNcup2ULnUltwOdr5xqpp28j9Ytb +ZZiLfj/TItc0iVZxoczmvbb9YaMhloRHJmcOnmatAoGACljWbDkPeQNF+EH6OoC6 +Eresu12MeQChia7jaXuLm68h4M6CxboZnhqAJRV1x63joZK15eVGxBjg+30Hw2mq +7jKwsDrQLAjgxdMO/vZ+U/lPpqvObKdPZw4Ld6fJ8OcXKxGg/wENu770vVAzxpUr +j64QFrbN/9tlhDGD+xCcuYE= +-----END PRIVATE KEY----- diff --git a/tests/clickhouse_server_config/certs/tests_ca.crt b/tests/clickhouse_server_config/certs/tests_ca.crt new file mode 100644 index 00000000..c5784e42 --- /dev/null +++ b/tests/clickhouse_server_config/certs/tests_ca.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDEzCCAfugAwIBAgIUTwSVyR94CL34RTPkujqVP17HOEYwDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOdGVzdHMubG9jYWwgQ0EwHhcNMjQwMzAzMTk0MTMxWhcN +MjcwMzAzMTk0MTMxWjAZMRcwFQYDVQQDDA50ZXN0cy5sb2NhbCBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALzOQgfgDZY+sjPamQp7omKwkKlxEzAq +EdFGXPM2nqbfsCnDxjNmXeEukX9Ml0md4swscKjoqDRamCOwWPGB6IrRTI5SaTOW +wVJLuloN6iworNUECHlKJhE6Fi15r+vXx1wRplucgyGUYY3msz1OQmbegGZyUGV7 +DE4J93RIxeVz8nmmSXydxCiawrp7pb4z1d47uXu9dcgQvjkOQcsl7to0tLjoyFSI +IHYgiFri/X12r16nzVJZCxO6DHFRMOUTrpXbR4qxMMqQsfu1YvXZjSuCdP16Kt4v +gsFkNtw7pIgvtIROq0f+c6rpYRM3wHRH/u9iRxDaiJLUlpM34ntK0h8CAwEAAaNT +MFEwHQYDVR0OBBYEFFgOIk+h1x8iFcZ2wIsf9PMYSdJpMB8GA1UdIwQYMBaAFFgO +Ik+h1x8iFcZ2wIsf9PMYSdJpMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAFqIeReZefr9KJRuiDXr7+2unLAKBDTWBmnKsVnP80EgffsV4CE+qMSF +v9Ep3JYDDQXfq0Vm6NJUidTCg7p4JNzr/jy1gPv4lWCYRN4cZkZT1JZ1dXfvm7Ra +ebGQgBrOZ2Q1qBWy4vf9CbAV9T/TrMDC9u7pxX+tpKuS63nLob8tOGxT4iMZqziV +WpvO4haTboz1MiZczwAXXDtyNKL0sTEhmaLe7pURhWSjqngpln3GAvjoyGabCDsU +800IhYps+Y809caZwUz8rLKtTZG3bSg9cvq7qVI2SKeh1BWDbcMejpBuO4/6BHAC +LZU5ylW64KMrv14/4DOcZD/jYEN7DNQ= +-----END CERTIFICATE----- diff --git a/tests/clickhouse_server_config/certs/tests_ca.key b/tests/clickhouse_server_config/certs/tests_ca.key new file mode 100644 index 00000000..72789131 --- /dev/null +++ b/tests/clickhouse_server_config/certs/tests_ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8zkIH4A2WPrIz +2pkKe6JisJCpcRMwKhHRRlzzNp6m37Apw8YzZl3hLpF/TJdJneLMLHCo6Kg0Wpgj +sFjxgeiK0UyOUmkzlsFSS7paDeosKKzVBAh5SiYROhYtea/r18dcEaZbnIMhlGGN +5rM9TkJm3oBmclBlewxOCfd0SMXlc/J5pkl8ncQomsK6e6W+M9XeO7l7vXXIEL45 +DkHLJe7aNLS46MhUiCB2IIha4v19dq9ep81SWQsTugxxUTDlE66V20eKsTDKkLH7 +tWL12Y0rgnT9eireL4LBZDbcO6SIL7SETqtH/nOq6WETN8B0R/7vYkcQ2oiS1JaT +N+J7StIfAgMBAAECggEAHABca1M/u0cEd4ugY51JzGiH++lI7D1rs7ruHCVp9YZ6 +rPxbunx1yJN3LAcNmkhv6NIKdLKUsmG2lfcYfzDsw8ceGy7TwBKdYfmDOMnphK+/ +pOlajF/X3M7dl9RSp/Vc8XsDTiuciHAQ4Se+8NpYyhg5DiM+vd44SUv8cY2SyWBd +eqFYbcHkxsFLPllCWFN92KEfHBoT4EkNPhiXgWOdZn6CcSMw8wsgFsoZ559mTo+O +fPG0Nz+yHTNWDO/fvVIdR970Pd8STE2UYM6Bo3lWzs8XmUGxiinkSMYZ9yul5Gf/ +18ZY+115Z7zB5N5XOZntz1a4PjBLNJxe6PnCNTRhGQKBgQD4T1D9JX9mSRW6RZ9x +GlS3Kjb6PN33zUXNIAvgMk3gGQBd/KDljaTP70KugJFDK7WKNyE+0K3+pd5GlKeC +6ph/ZDsrnOZfKferFeYyY4i68TOnMLZ0ucT+HZ4wGyKcS4PqLitgRMdCWkpBN9OU +T0kYVO85Aq/QS4ZHysbqclgUuwKBgQDCpyw+ctFtVY65v9UMtpx4eEr0VDy9Plx9 +vZfe45tKtOpkJGfttb1dxLr6cMy/UN8QcHOSP3A1OKAnYHz978GtIG3YAcHb/qn9 +C7aYdZTGh5ZRwS08sOt5+QVHyQkqgrLlKeSodbbF24+V81Fhx5rJYxS/j4kWqz6o +ZzwzFiVT7QKBgQC2UM5fQEP9XxYD8ZCy46ll3yoEq+IyStbAWJI/p8/EBbdeStn8 +Efb78WmdZKrDjfk6JWZUj7XhLfo5Cna/ye30QyyqxgXjw5WkWWzufGRtFiJd1Idy +xt9b0XVPTu0nos6ViBazFWzUTCUPI6VG1LwPkHUg/9cE8h8C4WERzKjddwKBgQCL +ZlljJ6sf18Ps9prHDggkplFXhPQyuvRWAG9A6lOOPt4VdZUQQbUp7/fP3vRilrII +/d9mfxQGqVTYnlslKIzVRYIkza1dtZVbaQYNTTeMrhFS3ztcWX9pzJKhhDGSRiOD +xmrA0fxg2gqMYsKHegE59EEppsuQdnba94O/Oj7lSQKBgC7JiZtWS3gfZNtDM+fz +zE4+u2TBQuJYAi4qcJdqXOUkxoPvKO32f4S5dTvsFDQu/6hC+1bjNGN6AlnocyjR +cwNcEuG5U+VN5bRwfBUk50J7++S+OhSJo8LaArk/pm+8l5mwE5Lth9Q0Ieo5YsMX +BEtzCOrLBd5Yv4lqHx0tqbri +-----END PRIVATE KEY----- diff --git a/tests/clickhouse_server_config/certs/tests_ca.srl b/tests/clickhouse_server_config/certs/tests_ca.srl new file mode 100644 index 00000000..08a78b61 --- /dev/null +++ b/tests/clickhouse_server_config/certs/tests_ca.srl @@ -0,0 +1 @@ +6D6446B8F7A5C261A1EFADA7C933B997E233AD5A diff --git a/tests/clickhouse_server_config/clickhouse.xml b/tests/clickhouse_server_config/clickhouse.xml new file mode 100644 index 00000000..5e4dba29 --- /dev/null +++ b/tests/clickhouse_server_config/clickhouse.xml @@ -0,0 +1,17 @@ + + 9440 + + + + /etc/clickhouse-server/certs/server.crt + /etc/clickhouse-server/certs/server.key + + /etc/clickhouse-server/certs/dhparam.pem + none + /etc/clickhouse-server/certs/tests_ca.crt + true + sslv2,sslv3 + true + + + diff --git a/tests/clickhouse_server_config/yandex.xml b/tests/clickhouse_server_config/yandex.xml new file mode 100644 index 00000000..a4437c6b --- /dev/null +++ b/tests/clickhouse_server_config/yandex.xml @@ -0,0 +1,17 @@ + + 9440 + + + + /etc/clickhouse-server/certs/server.crt + /etc/clickhouse-server/certs/server.key + + /etc/clickhouse-server/certs/dhparam.pem + none + /etc/clickhouse-server/certs/tests_ca.crt + true + sslv2,sslv3 + true + + + diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index 13cc8c9d..e0fd290f 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -8,6 +8,10 @@ services: - TZ=Europe/Moscow ports: - "127.0.0.1:9000:9000" + - "127.0.0.1:9440:9440" + volumes: + - "./clickhouse_server_config/$TOP_LEVEL.xml:/etc/clickhouse-server/config.d/test_config.xml" + - "./clickhouse_server_config/certs:/etc/clickhouse-server/certs" clickhouse-client: image: "$ORG/clickhouse-server:$VERSION" diff --git a/tests/test_connect.py b/tests/test_connect.py index 5986db6c..43cb630a 100644 --- a/tests/test_connect.py +++ b/tests/test_connect.py @@ -306,6 +306,11 @@ def test_client_revision(self): with self.created_client(client_revision=54032) as client: client.execute('SELECT 1') + def test_client_with_no_cert_validation(self): + with self.created_client(port=self.secure_port, + secure=True, verify=False) as client: + client.execute('SELECT 1') + class FakeBufferedReader(BufferedReader): def __init__(self, inputs, bufsize=128): diff --git a/tests/testcase.py b/tests/testcase.py index 40b79b01..18041bcc 100644 --- a/tests/testcase.py +++ b/tests/testcase.py @@ -22,6 +22,7 @@ class BaseTestCase(TestCase): clickhouse_client_binary = file_config.get('db', 'client') host = file_config.get('db', 'host') port = file_config.getint('db', 'port') + secure_port = file_config.getint('db', 'secure_port') database = file_config.get('db', 'database') user = file_config.get('db', 'user') password = file_config.get('db', 'password')