diff --git a/src/node/entities.h b/src/node/entities.h index 32bce8e6c..fcbd8946e 100644 --- a/src/node/entities.h +++ b/src/node/entities.h @@ -17,7 +17,6 @@ namespace ccf using NodeId = ObjectId; using UserId = ObjectId; using CallerId = ObjectId; - using CaId = ObjectId; using Cert = std::vector; using CodeVersion = ObjectId; diff --git a/tests/infra/ccf.py b/tests/infra/ccf.py index ccf3f5dda..a97d4d6c5 100644 --- a/tests/infra/ccf.py +++ b/tests/infra/ccf.py @@ -152,10 +152,11 @@ class Network: with node.management_client() as c: for _ in range(15): id = c.request(method="getCommit", params={}) - res = c.response(id).result - if res[b"commit"] >= 2 and res[b"term"] == 2: - LOG.info("Node {} has joined (client)".format(node_id)) - break + rep = c.response(id) + if rep.error is None: + if rep.result["commit"] >= 2 and rep.result["term"] == 2: + LOG.info("Node {} has joined (client)".format(node_id)) + break time.sleep(1) else: raise ValueError( @@ -496,6 +497,7 @@ class Node: "management", cert=None, key=None, + cafile="{}.pem".format(self.node_id), description="node {} (mgmt)".format(self.node_id), **kwargs, ) diff --git a/tests/infra/jsonrpc.py b/tests/infra/jsonrpc.py index 052c8003c..e092d478b 100644 --- a/tests/infra/jsonrpc.py +++ b/tests/infra/jsonrpc.py @@ -11,6 +11,9 @@ import logging import time import os from enum import IntEnum +from cryptography import x509 +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import asymmetric from loguru import logger as LOG @@ -140,6 +143,16 @@ class FramedTLSClient: def connect(self): if self.cafile: self.context = ssl.create_default_context(cafile=self.cafile) + + # Auto detect EC curve to use based on server CA + ca_bytes = open(self.cafile, "rb").read() + ca_curve = ( + x509.load_pem_x509_certificate(ca_bytes, default_backend()) + .public_key() + .curve + ) + if isinstance(ca_curve, asymmetric.ec.SECP256K1): + self.context.set_ecdh_curve("secp256k1") else: self.context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) if self.cert and self.key: