Move tls handshake errors to debug

Signed-off-by: R.I.Pienaar <[email protected]>
nats-io · Aug 9, 2024 · afb0322 · afb0322
1 parent e9ee2a0
commit afb0322
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 27 deletions.
diff --git a/server/client.go b/server/client.go
@@ -5910,9 +5910,9 @@ func (c *client) doTLSHandshake(typ string, solicit bool, url *url.URL, tlsConfi
 
 	if err != nil {
 		if kind == CLIENT {
-			c.Errorf("TLS handshake error: %v", err)
+			c.Debugf("TLS handshake error: %v", err)
 		} else {
-			c.Errorf("TLS %s handshake error: %v", typ, err)
+			c.Debugf("TLS %s handshake error: %v", typ, err)
 		}
 		c.closeConnection(TLSHandshakeError)
 

diff --git a/server/leafnode_test.go b/server/leafnode_test.go
@@ -34,7 +34,7 @@ import (
 	"github.com/nats-io/nkeys"
 
 	"github.com/klauspost/compress/s2"
-	jwt "github.com/nats-io/jwt/v2"
+	"github.com/nats-io/jwt/v2"
 	"github.com/nats-io/nats.go"
 
 	"github.com/nats-io/nats-server/v2/internal/testhelper"
@@ -337,12 +337,45 @@ func TestLeafNodeTLSRemoteWithNoCerts(t *testing.T) {
 
 type captureErrorLogger struct {
 	DummyLogger
-	errCh chan string
+	filter func(string) bool
+	errCh  chan string
+	sync.Mutex
+}
+
+func (l *captureErrorLogger) setFilter(f func(string) bool) {
+	l.Lock()
+	l.filter = f
+	l.Unlock()
 }
 
 func (l *captureErrorLogger) Errorf(format string, v ...any) {
+	msg := fmt.Sprintf(format, v...)
+
+	l.Lock()
+	defer l.Unlock()
+
+	if l.filter != nil && !l.filter(msg) {
+		return
+	}
+
 	select {
-	case l.errCh <- fmt.Sprintf(format, v...):
+	case l.errCh <- msg:
+	default:
+	}
+}
+
+func (l *captureErrorLogger) Debugf(format string, v ...any) {
+	msg := fmt.Sprintf(format, v...)
+
+	l.Lock()
+	defer l.Unlock()
+
+	if l.filter != nil && !l.filter(msg) {
+		return
+	}
+
+	select {
+	case l.errCh <- msg:
 	default:
 	}
 }
@@ -2624,7 +2657,7 @@ func TestLeafNodeTLSConfigReload(t *testing.T) {
 	defer srvA.Shutdown()
 
 	lg := &captureErrorLogger{errCh: make(chan string, 10)}
-	srvA.SetLogger(lg, false, false)
+	srvA.SetLogger(lg, true, false)
 
 	confB := createConfFile(t, []byte(fmt.Sprintf(`
 		listen: -1
@@ -2652,16 +2685,17 @@ func TestLeafNodeTLSConfigReload(t *testing.T) {
 	srvB := RunServer(optsB)
 	defer srvB.Shutdown()
 
-	// Wait for the error
-	select {
-	case err := <-lg.errCh:
+	lg.setFilter(func(m string) bool {
 		// Since Go 1.18, we had to regenerate certs to not have to use GODEBUG="x509sha1=1"
 		// But on macOS, with our test CA certs, no SCTs included, it will fail
 		// for the reason "x509: “localhost” certificate is not standards compliant"
 		// instead of "unknown authority".
-		if !strings.Contains(err, "unknown") && !strings.Contains(err, "compliant") {
-			t.Fatalf("Unexpected error: %v", err)
-		}
+		return strings.Contains(m, "unknown") || strings.Contains(m, "compliant")
+	})
+
+	// Wait for the error
+	select {
+	case <-lg.errCh:
 	case <-time.After(2 * time.Second):
 		t.Fatalf("Did not get TLS error")
 	}
@@ -2697,7 +2731,7 @@ func TestLeafNodeTLSConfigReloadForRemote(t *testing.T) {
 	defer srvA.Shutdown()
 
 	lg := &captureErrorLogger{errCh: make(chan string, 10)}
-	srvA.SetLogger(lg, false, false)
+	srvA.SetLogger(lg, true, false)
 
 	template := `
 		listen: -1
@@ -2719,12 +2753,12 @@ func TestLeafNodeTLSConfigReloadForRemote(t *testing.T) {
 	srvB, _ := RunServerWithConfig(confB)
 	defer srvB.Shutdown()
 
+	lg.setFilter(func(m string) bool {
+		return strings.Contains(m, "bad certificate")
+	})
 	// Wait for the error
 	select {
-	case err := <-lg.errCh:
-		if !strings.Contains(err, "bad certificate") {
-			t.Fatalf("Unexpected error: %v", err)
-		}
+	case <-lg.errCh:
 	case <-time.After(2 * time.Second):
 		t.Fatalf("Did not get TLS error")
 	}
@@ -3076,13 +3110,13 @@ func TestLeafNodeWSFailedConnection(t *testing.T) {
 	defer ln.Shutdown()
 
 	el := &captureErrorLogger{errCh: make(chan string, 100)}
-	ln.SetLogger(el, false, false)
+	ln.SetLogger(el, true, false)
 
+	el.setFilter(func(m string) bool {
+		return strings.Contains(m, "handshake error")
+	})
 	select {
-	case err := <-el.errCh:
-		if !strings.Contains(err, "handshake error") {
-			t.Fatalf("Unexpected error: %v", err)
-		}
+	case <-el.errCh:
 	case <-time.After(time.Second):
 		t.Fatal("No error reported!")
 	}
@@ -5002,17 +5036,18 @@ func TestLeafNodeTLSHandshakeFirst(t *testing.T) {
 	// handshake first since the hub is configured that way.
 	// Set a logger on s1 to capture errors
 	l := &captureErrorLogger{errCh: make(chan string, 10)}
-	s1.SetLogger(l, false, false)
+	s1.SetLogger(l, true, false)
 
 	confSpoke = createConfFile(t, []byte(fmt.Sprintf(tmpl2, o1.LeafNode.Port, "false")))
 	s2, _ = RunServerWithConfig(confSpoke)
 	defer s2.Shutdown()
 
+	l.setFilter(func(m string) bool {
+		return strings.Contains(m, "handshake error")
+	})
+
 	select {
-	case err := <-l.errCh:
-		if !strings.Contains(err, "handshake error") {
-			t.Fatalf("Unexpected error: %v", err)
-		}
+	case <-l.errCh:
 	case <-time.After(2 * time.Second):
 		t.Fatal("Did not get TLS handshake failure")
 	}