mirror of
https://gitlab.isc.org/isc-projects/kea
synced 2025-08-22 01:49:48 +00:00
[#3694] throw error when switching from/to TLS
parent
de694a024f
commit
aa5ccbc779
@ -259,6 +259,9 @@ Configuring only one or two string parameters results in an error.
|
||||
mutually authenticated, but there is no proof they are the same as
|
||||
for the HTTP authentication.
|
||||
|
||||
A different address or port must be specified when using the "config-set"
|
||||
command to switch from HTTP to HTTPS or from HTTPS to HTTP.
|
||||
|
||||
The :iscman:`kea-shell` tool also supports TLS.
|
||||
|
||||
.. _agent-launch:
|
||||
|
@ -428,6 +428,8 @@ password, these values can be read from files. The syntax is extended by:
|
||||
|
||||
Since Kea-2.7.6 Kea supports multiple HTTP/HTTPS connections.
|
||||
Both IPv4 and IPv6 addresses can be used.
|
||||
A different address or port must be specified when using the "config-set"
|
||||
command to switch from HTTP to HTTPS or from HTTPS to HTTP.
|
||||
|
||||
When files are used, they are read when the configuration is loaded,
|
||||
to detect configuration errors as soon as possible.
|
||||
|
@ -7922,6 +7922,8 @@ password, these values can be read from files. The syntax is extended by:
|
||||
|
||||
Since Kea-2.7.6 Kea supports multiple HTTP/HTTPS connections.
|
||||
Both IPv4 and IPv6 addresses can be used.
|
||||
A different address or port must be specified when using the "config-set"
|
||||
command to switch from HTTP to HTTPS or from HTTPS to HTTP.
|
||||
|
||||
When files are used, they are read when the configuration is loaded,
|
||||
to detect configuration errors as soon as possible.
|
||||
|
@ -7723,6 +7723,8 @@ password, these values can be read from files. The syntax is extended by:
|
||||
|
||||
Since Kea-2.7.6 Kea supports multiple HTTP/HTTPS connections.
|
||||
Both IPv4 and IPv6 addresses can be used.
|
||||
A different address or port must be specified when using the "config-set"
|
||||
command to switch from HTTP to HTTPS or from HTTPS to HTTP.
|
||||
|
||||
When files are used, they are read when the configuration is loaded,
|
||||
to detect configuration errors as soon as possible.
|
||||
|
@ -15,10 +15,10 @@ extern const isc::log::MessageID CTRL_AGENT_CONFIG_CHECK_FAIL = "CTRL_AGENT_CONF
|
||||
extern const isc::log::MessageID CTRL_AGENT_CONFIG_FAIL = "CTRL_AGENT_CONFIG_FAIL";
|
||||
extern const isc::log::MessageID CTRL_AGENT_CONFIG_SYNTAX_WARNING = "CTRL_AGENT_CONFIG_SYNTAX_WARNING";
|
||||
extern const isc::log::MessageID CTRL_AGENT_FAILED = "CTRL_AGENT_FAILED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_REUSED = "CTRL_AGENT_HTTPS_SERVICE_REUSED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_REUSE_FAILED = "CTRL_AGENT_HTTPS_SERVICE_REUSE_FAILED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_STARTED = "CTRL_AGENT_HTTPS_SERVICE_STARTED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_UPDATED = "CTRL_AGENT_HTTPS_SERVICE_UPDATED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSED = "CTRL_AGENT_HTTP_SERVICE_REUSED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED = "CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_STARTED = "CTRL_AGENT_HTTP_SERVICE_STARTED";
|
||||
extern const isc::log::MessageID CTRL_AGENT_RUN_EXIT = "CTRL_AGENT_RUN_EXIT";
|
||||
extern const isc::log::MessageID CTRL_AGENT_STARTED = "CTRL_AGENT_STARTED";
|
||||
@ -37,10 +37,10 @@ const char* values[] = {
|
||||
"CTRL_AGENT_CONFIG_FAIL", "Control Agent configuration failed: %1",
|
||||
"CTRL_AGENT_CONFIG_SYNTAX_WARNING", "Control Agent configuration syntax warning: %1",
|
||||
"CTRL_AGENT_FAILED", "application experienced a fatal error: %1",
|
||||
"CTRL_AGENT_HTTPS_SERVICE_REUSED", "reused HTTPS service bound to address %1:%2",
|
||||
"CTRL_AGENT_HTTPS_SERVICE_REUSE_FAILED", "failed to reuse HTTPS service bound to address %1:%2",
|
||||
"CTRL_AGENT_HTTPS_SERVICE_STARTED", "HTTPS service bound to address %1:%2",
|
||||
"CTRL_AGENT_HTTPS_SERVICE_UPDATED", "reused HTTPS service bound to address %1:%2 and updated TLS settings",
|
||||
"CTRL_AGENT_HTTP_SERVICE_REUSED", "reused HTTP service bound to address %1:%2",
|
||||
"CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED", "failed to reused HTTP service bound to address %1:%2",
|
||||
"CTRL_AGENT_HTTP_SERVICE_STARTED", "HTTP service bound to address %1:%2",
|
||||
"CTRL_AGENT_RUN_EXIT", "application is exiting the event loop",
|
||||
"CTRL_AGENT_STARTED", "Kea Control Agent version %1 started",
|
||||
|
@ -16,10 +16,10 @@ extern const isc::log::MessageID CTRL_AGENT_CONFIG_CHECK_FAIL;
|
||||
extern const isc::log::MessageID CTRL_AGENT_CONFIG_FAIL;
|
||||
extern const isc::log::MessageID CTRL_AGENT_CONFIG_SYNTAX_WARNING;
|
||||
extern const isc::log::MessageID CTRL_AGENT_FAILED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_REUSED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_REUSE_FAILED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_STARTED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_UPDATED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_STARTED;
|
||||
extern const isc::log::MessageID CTRL_AGENT_RUN_EXIT;
|
||||
extern const isc::log::MessageID CTRL_AGENT_STARTED;
|
||||
|
@ -43,10 +43,10 @@ error. The error was displayed and the configuration parsing resumed.
|
||||
This is a fatal error message issued when the Control Agent application
|
||||
encounters an unrecoverable error from within the event loop.
|
||||
|
||||
% CTRL_AGENT_HTTPS_SERVICE_REUSED reused HTTPS service bound to address %1:%2
|
||||
This informational message indicates that the server has reused existing
|
||||
HTTPS service on the specified address and port. Note that any change in
|
||||
the TLS setup was ignored.
|
||||
% CTRL_AGENT_HTTPS_SERVICE_REUSE_FAILED failed to reuse HTTPS service bound to address %1:%2
|
||||
This error message indicates that the server has failed reusing existing
|
||||
HTTPS service on the specified address and port. The server can not swith from
|
||||
HTTPS to HTTP sockets using the same address and port.
|
||||
|
||||
% CTRL_AGENT_HTTPS_SERVICE_STARTED HTTPS service bound to address %1:%2
|
||||
This informational message indicates that the server has started HTTPS service
|
||||
@ -58,9 +58,10 @@ This informational message indicates that the server has reused existing
|
||||
HTTPS service on the specified address and port. Note that any change in
|
||||
the TLS setup has been applied.
|
||||
|
||||
% CTRL_AGENT_HTTP_SERVICE_REUSED reused HTTP service bound to address %1:%2
|
||||
This informational message indicates that the server has reused existing
|
||||
HTTP service on the specified address and port.
|
||||
% CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED failed to reused HTTP service bound to address %1:%2
|
||||
This error message indicates that the server has failed reusing existing
|
||||
HTTP service on the specified address and port. The server can not swith from
|
||||
HTTP to HTTPS sockets using the same address and port.
|
||||
|
||||
% CTRL_AGENT_HTTP_SERVICE_STARTED HTTP service bound to address %1:%2
|
||||
This informational message indicates that the server has started HTTP service
|
||||
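Review bot: The new message text and descriptions carry typos that will reach operator logs. `failed to reused HTTP service` in CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED should read `failed to reuse HTTP service`, and `can not swith` in both REUSE_FAILED descriptions should read `cannot switch`. The same wording appears in the HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED and HTTP_COMMAND_MGR_HTTP_SERVICE_REUSE_FAILED entries and in the message tables, which look generated from these files and would need regenerating. Because these IDs record a rejected HTTP/HTTPS transition on the control channel, each description could also end with the remedy the guides already give: `To change the protocol, configure a different address or port.`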
|
@ -145,9 +145,11 @@ CtrlAgentProcess::configure(isc::data::ConstElementPtr config_set,
|
||||
if (listener->getTlsContext()) {
|
||||
if (ctx->getTrustAnchor().empty()) {
|
||||
// Can not switch from HTTPS to HTTP
|
||||
LOG_ERROR(agent_logger, CTRL_AGENT_HTTPS_SERVICE_REUSED)
|
||||
LOG_ERROR(agent_logger, CTRL_AGENT_HTTPS_SERVICE_REUSE_FAILED)
|
||||
.arg(server_address.toText())
|
||||
.arg(server_port);
|
||||
isc_throw(BadValue,
|
||||
"Can not switch from HTTPS to HTTP sockets using the same address and port.");
|
||||
} else {
|
||||
// Apply TLS settings each time.
|
||||
TlsContextPtr tls_context;
|
||||
@ -167,9 +169,11 @@ CtrlAgentProcess::configure(isc::data::ConstElementPtr config_set,
|
||||
}
|
||||
} else if (!ctx->getTrustAnchor().empty()) {
|
||||
// Can not switch from HTTP to HTTPS
|
||||
LOG_ERROR(agent_logger, CTRL_AGENT_HTTP_SERVICE_REUSED)
|
||||
LOG_ERROR(agent_logger, CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED)
|
||||
.arg(server_address.toText())
|
||||
.arg(server_port);
|
||||
isc_throw(BadValue,
|
||||
"Can not switch from HTTP to HTTPS sockets using the same address and port.");
|
||||
}
|
||||
}
|
||||
// If the connection can be reused, mark it as usable.
|
||||
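Review bot: The `isc_throw(BadValue, ...)` text added in both branches of CtrlAgentProcess::configure omits the address and port that the preceding LOG_ERROR records, so the error returned for a reload or "config-set" does not say which listener was rejected. isc_throw takes a stream expression, so the message could end with `... using the same address and port: " << server_address.toText() << ":" << server_port);`. The same applies to the two throws in HttpCommandMgrImpl::openCommandSocket, and it matters more there because the guides in this commit state that multiple HTTP/HTTPS connections are supported. The unit tests that match the exact response text would need the matching update. configure() starts and ends outside these hunks, so how the partly processed configuration is discarded after the throw cannot be confirmed from here.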
|
@ -583,8 +583,8 @@ TEST_F(CtrlAgentControllerTest, noListenerChangeHttps) {
|
||||
EXPECT_FALSE(process->isListening());
|
||||
}
|
||||
|
||||
// Verify that the reload will reuse listener
|
||||
TEST_F(CtrlAgentControllerTest, ignoreHttpToHttpsSwitch) {
|
||||
// Verify that the reload will issue an error
|
||||
TEST_F(CtrlAgentControllerTest, handleHttpToHttpsSwitch) {
|
||||
string ca_dir(string(TEST_CA_DIR));
|
||||
|
||||
// This configuration should be used to override the initial configuration.
|
||||
@ -653,9 +653,9 @@ TEST_F(CtrlAgentControllerTest, ignoreHttpToHttpsSwitch) {
|
||||
EXPECT_EQ("127.0.0.1", ctx->getHttpHost());
|
||||
EXPECT_EQ(8081, ctx->getHttpPort());
|
||||
|
||||
// The forwarding configuration should have been updated.
|
||||
testUnixSocketInfo("dhcp4", "/second/dhcp4/socket");
|
||||
testUnixSocketInfo("dhcp6", "/second/dhcp6/socket");
|
||||
// The forwarding configuration should have not been updated.
|
||||
testUnixSocketInfo("dhcp4", "/first/dhcp4/socket");
|
||||
testUnixSocketInfo("dhcp6", "/first/dhcp6/socket");
|
||||
|
||||
CtrlAgentProcessPtr process = getCtrlAgentProcess();
|
||||
ASSERT_TRUE(process);
|
||||
@ -664,8 +664,8 @@ TEST_F(CtrlAgentControllerTest, ignoreHttpToHttpsSwitch) {
|
||||
EXPECT_FALSE(process->isListening());
|
||||
}
|
||||
|
||||
// Verify that the reload will reuse listener
|
||||
TEST_F(CtrlAgentControllerTest, ignoreHttpsToHttpSwitch) {
|
||||
// Verify that the reload will issue an error
|
||||
TEST_F(CtrlAgentControllerTest, handleHttpsToHttpSwitch) {
|
||||
string ca_dir(string(TEST_CA_DIR));
|
||||
ostringstream agent_st;
|
||||
agent_st << "{"
|
||||
@ -753,9 +753,9 @@ TEST_F(CtrlAgentControllerTest, ignoreHttpsToHttpSwitch) {
|
||||
EXPECT_EQ("127.0.0.1", ctx->getHttpHost());
|
||||
EXPECT_EQ(8081, ctx->getHttpPort());
|
||||
|
||||
// The forwarding configuration should have been updated.
|
||||
testUnixSocketInfo("dhcp4", "/second/dhcp4/socket");
|
||||
testUnixSocketInfo("dhcp6", "/second/dhcp6/socket");
|
||||
// The forwarding configuration should have not been updated.
|
||||
testUnixSocketInfo("dhcp4", "/first/dhcp4/socket");
|
||||
testUnixSocketInfo("dhcp6", "/first/dhcp6/socket");
|
||||
|
||||
CtrlAgentProcessPtr process = getCtrlAgentProcess();
|
||||
ASSERT_TRUE(process);
|
||||
|
@ -2149,8 +2149,8 @@ TEST_F(HttpsCtrlChannelD2Test, noListenerChange) {
|
||||
EXPECT_EQ(1, keys->size());
|
||||
}
|
||||
|
||||
// Verify that the "config-set" command will reuse listener
|
||||
TEST_F(HttpCtrlChannelD2Test, ignoreHttpToHttpsSwitch) {
|
||||
// Verify that the "config-set" command will exit with an error
|
||||
TEST_F(HttpCtrlChannelD2Test, handleHttpToHttpsSwitch) {
|
||||
|
||||
string d2_cfg_txt =
|
||||
" { \n"
|
||||
@ -2235,20 +2235,20 @@ TEST_F(HttpCtrlChannelD2Test, ignoreHttpToHttpsSwitch) {
|
||||
EXPECT_EQ(listener, HttpCommandMgr::instance().getHttpListener().get());
|
||||
ASSERT_FALSE(HttpCommandMgr::instance().getHttpListener()->getTlsContext());
|
||||
|
||||
// Verify the configuration was successful.
|
||||
EXPECT_NE(response.find("\"result\": 0"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Configuration applied successfully.\""),
|
||||
// Verify the configuration was rejected.
|
||||
EXPECT_NE(response.find("\"result\": 1"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Can not switch from HTTP to HTTPS sockets using the same address and port.\""),
|
||||
std::string::npos);
|
||||
|
||||
// Check that the config was applied.
|
||||
// Check that the config was not applied.
|
||||
d2_context = cfg_mgr->getD2CfgContext();
|
||||
keys = d2_context->getKeys();
|
||||
ASSERT_TRUE(keys);
|
||||
EXPECT_EQ(1, keys->size());
|
||||
}
|
||||
|
||||
// Verify that the "config-set" command will reuse listener
|
||||
TEST_F(HttpsCtrlChannelD2Test, ignoreHttpsToHttpSwitch) {
|
||||
// Verify that the "config-set" command will exit with an error
|
||||
TEST_F(HttpsCtrlChannelD2Test, handleHttpsToHttpSwitch) {
|
||||
|
||||
string ca_dir(string(TEST_CA_DIR));
|
||||
ostringstream d2_st;
|
||||
@ -2343,11 +2343,11 @@ TEST_F(HttpsCtrlChannelD2Test, ignoreHttpsToHttpSwitch) {
|
||||
// The TLS settings have not changed
|
||||
EXPECT_EQ(context, HttpCommandMgr::instance().getHttpListener()->getTlsContext().get());
|
||||
|
||||
// Verify the configuration was successful.
|
||||
EXPECT_EQ("[ { \"arguments\": { \"hash\": \"029AE1208415D6911B5651A6F82D054F55B7877D2589CFD1DCEB5BFFCD3B13A3\" }, \"result\": 0, \"text\": \"Configuration applied successfully.\" } ]",
|
||||
// Verify the configuration was rejected.
|
||||
EXPECT_EQ("[ { \"result\": 1, \"text\": \"Can not switch from HTTPS to HTTP sockets using the same address and port.\" } ]",
|
||||
response);
|
||||
|
||||
// Check that the config was applied.
|
||||
// Check that the config was not applied.
|
||||
d2_context = cfg_mgr->getD2CfgContext();
|
||||
keys = d2_context->getKeys();
|
||||
ASSERT_TRUE(keys);
|
||||
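Review bot: In handleHttpToHttpsSwitch the comment now reads "Check that the config was not applied", but the assertion under it, `EXPECT_EQ(1, keys->size());`, is unchanged from when the comment said the config was applied. It therefore holds in both outcomes and presumably cannot show that the rejected "config-set" left the running configuration untouched. Assert a value that differs between the first and second configuration (both are defined outside the hunk), as the Control Agent test does with `testUnixSocketInfo("dhcp4", "/first/dhcp4/socket");`. handleHttpsToHttpSwitch has the same comment change, and its assertions continue past the end of the hunk, so the same check is worth making there.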
|
@ -3654,8 +3654,8 @@ TEST_F(HttpsCtrlChannelDhcpv4Test, noListenerChange) {
|
||||
CfgMgr::instance().clear();
|
||||
}
|
||||
|
||||
// Verify that the "config-set" command will reuse listener
|
||||
TEST_F(HttpCtrlChannelDhcpv4Test, ignoredHttpToHttpsSwitch) {
|
||||
// Verify that the "config-set" command will exit with an error
|
||||
TEST_F(HttpCtrlChannelDhcpv4Test, handleHttpToHttpsSwitch) {
|
||||
createHttpChannelServer();
|
||||
|
||||
// Define strings to permutate the config arguments
|
||||
@ -3788,8 +3788,8 @@ TEST_F(HttpCtrlChannelDhcpv4Test, ignoredHttpToHttpsSwitch) {
|
||||
EXPECT_EQ(listener, HttpCommandMgr::instance().getHttpListener().get());
|
||||
ASSERT_FALSE(HttpCommandMgr::instance().getHttpListener()->getTlsContext());
|
||||
|
||||
EXPECT_NE(response.find("\"result\": 0"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Configuration successful.\""),
|
||||
EXPECT_NE(response.find("\"result\": 1"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Can not switch from HTTP to HTTPS sockets using the same address and port.\""),
|
||||
std::string::npos);
|
||||
|
||||
// Check that the config was not lost
|
||||
@ -3800,8 +3800,8 @@ TEST_F(HttpCtrlChannelDhcpv4Test, ignoredHttpToHttpsSwitch) {
|
||||
CfgMgr::instance().clear();
|
||||
}
|
||||
|
||||
// Verify that the "config-set" command will reuse listener
|
||||
TEST_F(HttpsCtrlChannelDhcpv4Test, ignoreHttpsToHttpSwitch) {
|
||||
// Verify that the "config-set" command will exit with an error
|
||||
TEST_F(HttpsCtrlChannelDhcpv4Test, handleHttpsToHttpSwitch) {
|
||||
createHttpChannelServer();
|
||||
|
||||
// Define strings to permutate the config arguments
|
||||
@ -3943,8 +3943,8 @@ TEST_F(HttpsCtrlChannelDhcpv4Test, ignoreHttpsToHttpSwitch) {
|
||||
ASSERT_TRUE(HttpCommandMgr::instance().getHttpListener()->getTlsContext());
|
||||
EXPECT_EQ(context, HttpCommandMgr::instance().getHttpListener()->getTlsContext().get());
|
||||
|
||||
EXPECT_NE(response.find("\"result\": 0"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Configuration successful.\""),
|
||||
EXPECT_NE(response.find("\"result\": 1"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Can not switch from HTTPS to HTTP sockets using the same address and port.\""),
|
||||
std::string::npos);
|
||||
|
||||
// Check that the config was not lost
|
||||
|
@ -3665,8 +3665,8 @@ TEST_F(HttpsCtrlChannelDhcpv6Test, noListenerChange) {
|
||||
CfgMgr::instance().clear();
|
||||
}
|
||||
|
||||
// Verify that the "config-set" command will reuse listener
|
||||
TEST_F(HttpCtrlChannelDhcpv6Test, ignoreHttpToHttpsSwitch) {
|
||||
// Verify that the "config-set" command will exit with an error
|
||||
TEST_F(HttpCtrlChannelDhcpv6Test, handleHttpToHttpsSwitch) {
|
||||
createHttpChannelServer();
|
||||
|
||||
// Define strings to permutate the config arguments
|
||||
@ -3800,8 +3800,8 @@ TEST_F(HttpCtrlChannelDhcpv6Test, ignoreHttpToHttpsSwitch) {
|
||||
EXPECT_EQ(listener, HttpCommandMgr::instance().getHttpListener().get());
|
||||
ASSERT_FALSE(HttpCommandMgr::instance().getHttpListener()->getTlsContext());
|
||||
|
||||
EXPECT_NE(response.find("\"result\": 0"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Configuration successful.\""),
|
||||
EXPECT_NE(response.find("\"result\": 1"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Can not switch from HTTP to HTTPS sockets using the same address and port.\""),
|
||||
std::string::npos);
|
||||
|
||||
// Check that the config was not lost
|
||||
@ -3812,8 +3812,8 @@ TEST_F(HttpCtrlChannelDhcpv6Test, ignoreHttpToHttpsSwitch) {
|
||||
CfgMgr::instance().clear();
|
||||
}
|
||||
|
||||
// Verify that the "config-set" command will reuse listener
|
||||
TEST_F(HttpsCtrlChannelDhcpv6Test, ignoreHttpsToHttpSwitch) {
|
||||
// Verify that the "config-set" command will exit with an error
|
||||
TEST_F(HttpsCtrlChannelDhcpv6Test, handleHttpsToHttpSwitch) {
|
||||
createHttpChannelServer();
|
||||
|
||||
// Define strings to permutate the config arguments
|
||||
@ -3956,8 +3956,8 @@ TEST_F(HttpsCtrlChannelDhcpv6Test, ignoreHttpsToHttpSwitch) {
|
||||
ASSERT_TRUE(HttpCommandMgr::instance().getHttpListener()->getTlsContext());
|
||||
EXPECT_EQ(context, HttpCommandMgr::instance().getHttpListener()->getTlsContext().get());
|
||||
|
||||
EXPECT_NE(response.find("\"result\": 0"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Configuration successful.\""),
|
||||
EXPECT_NE(response.find("\"result\": 1"), std::string::npos);
|
||||
EXPECT_NE(response.find("\"text\": \"Can not switch from HTTPS to HTTP sockets using the same address and port.\""),
|
||||
std::string::npos);
|
||||
|
||||
// Check that the config was not lost
|
||||
|
@ -34,9 +34,9 @@ extern const isc::log::MessageID COMMAND_SOCKET_WRITE_FAIL = "COMMAND_SOCKET_WRI
|
||||
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_CLEAR_ERROR = "COMMAND_WATCH_SOCKET_CLEAR_ERROR";
|
||||
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_CLOSE_ERROR = "COMMAND_WATCH_SOCKET_CLOSE_ERROR";
|
||||
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_MARK_READY_ERROR = "COMMAND_WATCH_SOCKET_MARK_READY_ERROR";
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED = "HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED";
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED = "HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED";
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED = "HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED";
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED = "HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED";
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTP_SERVICE_REUSE_FAILED = "HTTP_COMMAND_MGR_HTTP_SERVICE_REUSE_FAILED";
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STARTED = "HTTP_COMMAND_MGR_SERVICE_STARTED";
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING = "HTTP_COMMAND_MGR_SERVICE_STOPPING";
|
||||
|
||||
@ -73,9 +73,9 @@ const char* values[] = {
|
||||
"COMMAND_WATCH_SOCKET_CLEAR_ERROR", "watch socket failed to clear: %1",
|
||||
"COMMAND_WATCH_SOCKET_CLOSE_ERROR", "watch socket failed to close: %1",
|
||||
"COMMAND_WATCH_SOCKET_MARK_READY_ERROR", "watch socket failed to mark ready: %1",
|
||||
"HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED", "reused HTTPS service bound to address %1:%2",
|
||||
"HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED", "failed to reused HTTPS service bound to address %1:%2",
|
||||
"HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED", "reused HTTPS service bound to address %1:%2 and updated TLS settings",
|
||||
"HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED", "reused HTTP service bound to address %1:%2",
|
||||
"HTTP_COMMAND_MGR_HTTP_SERVICE_REUSE_FAILED", "failed to reused HTTP service bound to address %1:%2",
|
||||
"HTTP_COMMAND_MGR_SERVICE_STARTED", "started %1 service bound to address %2 port %3",
|
||||
"HTTP_COMMAND_MGR_SERVICE_STOPPING", "Server is stopping %1 service %2",
|
||||
NULL
|
||||
|
@ -35,9 +35,9 @@ extern const isc::log::MessageID COMMAND_SOCKET_WRITE_FAIL;
|
||||
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_CLEAR_ERROR;
|
||||
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_CLOSE_ERROR;
|
||||
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_MARK_READY_ERROR;
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED;
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED;
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED;
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED;
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTP_SERVICE_REUSE_FAILED;
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STARTED;
|
||||
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING;
|
||||
|
||||
|
@ -153,19 +153,20 @@ ready status after scheduling asynchronous send. This is programmatic error
|
||||
that should be reported. The command manager may or may not continue
|
||||
to operate correctly.
|
||||
|
||||
% HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED reused HTTPS service bound to address %1:%2
|
||||
This informational message indicates that the server has reused existing
|
||||
HTTPS service on the specified address and port. Note that any change in
|
||||
the TLS setup was ignored.
|
||||
% HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED failed to reused HTTPS service bound to address %1:%2
|
||||
This error message indicates that the server has failed reusing existing
|
||||
HTTPS service on the specified address and port. The server can not swith from
|
||||
HTTPS to HTTP sockets using the same address and port.
|
||||
|
||||
% HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED reused HTTPS service bound to address %1:%2 and updated TLS settings
|
||||
This informational message indicates that the server has reused existing
|
||||
HTTPS service on the specified address and port. Note that any change in
|
||||
the TLS setup has been applied.
|
||||
|
||||
% HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED reused HTTP service bound to address %1:%2
|
||||
This informational message indicates that the server has reused existing
|
||||
HTTP service on the specified address and port.
|
||||
% HTTP_COMMAND_MGR_HTTP_SERVICE_REUSE_FAILED failed to reused HTTP service bound to address %1:%2
|
||||
This error message indicates that the server has failed reusing existing
|
||||
HTTP service on the specified address and port. The server can not swith from
|
||||
HTTP to HTTPS sockets using the same address and port.
|
||||
|
||||
% HTTP_COMMAND_MGR_SERVICE_STARTED started %1 service bound to address %2 port %3
|
||||
This informational message indicates that the server has started
|
||||
|
@ -135,9 +135,11 @@ HttpCommandMgrImpl::openCommandSocket(const isc::data::ConstElementPtr config) {
|
||||
if (listener->getTlsContext()) {
|
||||
if (cmd_config->getTrustAnchor().empty()) {
|
||||
// Can not switch from HTTPS to HTTP
|
||||
LOG_ERROR(command_logger, HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED)
|
||||
LOG_ERROR(command_logger, HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED)
|
||||
.arg(server_address.toText())
|
||||
.arg(server_port);
|
||||
isc_throw(BadValue,
|
||||
"Can not switch from HTTPS to HTTP sockets using the same address and port.");
|
||||
} else {
|
||||
// Apply TLS settings each time.
|
||||
TlsContextPtr tls_context;
|
||||
@ -159,9 +161,11 @@ HttpCommandMgrImpl::openCommandSocket(const isc::data::ConstElementPtr config) {
|
||||
}
|
||||
} else if (!cmd_config->getTrustAnchor().empty()) {
|
||||
// Can not switch from HTTP to HTTPS
|
||||
LOG_ERROR(command_logger, HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED)
|
||||
LOG_ERROR(command_logger, HTTP_COMMAND_MGR_HTTP_SERVICE_REUSE_FAILED)
|
||||
.arg(server_address.toText())
|
||||
.arg(server_port);
|
||||
isc_throw(BadValue,
|
||||
"Can not switch from HTTP to HTTPS sockets using the same address and port.");
|
||||
}
|
||||
}
|
||||
// If the connection can be reused, mark it as usable.
|
||||
|