test_ssl: fix indentation

Preiously we were logging a broken TLS connection and then this has been
logged later again, so now instead of logging we're constructing an
exception with a message extened with TLS info, which later will be
catched with its full message still logged.

alternator/server.cc

@@ -979,9 +979,8 @@ client_data server::ongoing_request::make_client_data() const {
     // and keep "driver_version" unset.
     cd.driver_name = _user_agent;
     // Leave "protocol_version" unset, it has no meaning in Alternator.
-    // Leave "hostname", "ssl_protocol" and "ssl_cipher_suite" unset.
+    // Leave "hostname", "ssl_protocol" and "ssl_cipher_suite" unset for Alternator.
-    // As reported in issue #9216, we never set these fields in CQL
+    // Note: CQL sets ssl_protocol and ssl_cipher_suite via generic_server::connection base class.
-    // either (see cql_server::connection::make_client_data()).
     return cd;
 }
 

test/cqlpy/test_ssl.py

@@ -14,6 +14,7 @@ import cassandra.cluster
 from contextlib import contextmanager
 import re
 import ssl
+import time
 
 
 # This function normalizes the SSL cipher suite name (a string),
@@ -71,8 +72,7 @@ def test_system_clients_stores_tls_info(cql):
             assert not row.ssl_enabled
             assert row.ssl_protocol is None
             assert row.ssl_cipher_suite is None
-
+    else:
-    if cql.cluster.ssl_context:
         # TLS v1.2 must be supported, because this is the default version that
         # "cqlsh --ssl" uses. If this fact changes in the future, we may need
         # to reconsider this test.
@@ -82,7 +82,8 @@ def test_system_clients_stores_tls_info(cql):
             # so we need to retry until all connections are initialized and have their TLS info recorded in system.clients,
             # otherwise we'd end up with some connections e.g. having their ssl_enabled=True but other fields still None.
             expected_ciphers = [normalize_cipher(cipher['name']) for cipher in ssl.create_default_context().get_ciphers()]
-            for _ in range(1000):  # try for up to 1000 * 0.01s = 10s seconds
+            deadline = time.time() + 10  # 10 seconds timeout
+            while time.time() < deadline:
                 rows = session.execute(f"SELECT * FROM system.clients")
                 if rows and all(
                     row.ssl_enabled
@@ -92,7 +93,7 @@ def test_system_clients_stores_tls_info(cql):
                 ):
                     return
                 time.sleep(0.01)
-            pytest.fail(f"Not all connections have TLS data set correctly in system.clients after 10s seconds")
+            pytest.fail(f"Not all connections have TLS data set correctly in system.clients after 10 seconds")
 
 
 @contextmanager

transport/generic_server.cc

@@ -414,9 +414,8 @@ future<> server::do_accepts(int which, bool keepalive, socket_address server_add
                                     conn->_ssl_cipher_suite = cipher_suite;
                                     return make_ready_future<bool>(true);
                                 });
-                        }).handle_exception([this, conn](std::exception_ptr ep) {
+                        }).handle_exception([conn](std::exception_ptr ep) {
-                            _logger.warn("Inspecting TLS connection failed: {}", ep);
+                            return seastar::make_exception_future<bool>(std::runtime_error(fmt::format("Inspecting TLS connection failed: {}", ep)));
-                            return make_ready_future<bool>(false);
                         })
                     : make_ready_future<bool>(true)
                 ).then([conn] (bool ok){

transport/generic_server.hh

@@ -63,7 +63,7 @@ protected:
 
     bool _ssl_enabled = false;
     std::optional<sstring> _ssl_cipher_suite = std::nullopt;
-    std::optional<sstring> _ssl_protocol = std::nullopt;;
+    std::optional<sstring> _ssl_protocol = std::nullopt;
 
 private:
     future<> process_until_tenant_switch();