Update CODEOWNERS to remove redundant entries

Removing myself as I have no maintainer's permissions to review the code
2025-12-11 10:34:51 +01:00
5 changed files with 20 additions and 19 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,5 +1,5 @@
 # AUTH
-auth/* @nuivall @ptrsmrn
+auth/* @nuivall

 # CACHE
 row_cache* @tgrabiec
@@ -25,11 +25,11 @@ compaction/* @raphaelsc
 transport/*

 # CQL QUERY LANGUAGE
-cql3/* @tgrabiec @nuivall @ptrsmrn
+cql3/* @tgrabiec @nuivall

 # COUNTERS
-counters* @nuivall @ptrsmrn
-tests/counter_test* @nuivall @ptrsmrn
+counters* @nuivall
+tests/counter_test* @nuivall

 # DOCS
 docs/* @annastuchlik @tzach
--- a/alternator/server.cc
+++ b/alternator/server.cc
@@ -979,8 +979,9 @@ client_data server::ongoing_request::make_client_data() const {
    // and keep "driver_version" unset.
    cd.driver_name = _user_agent;
    // Leave "protocol_version" unset, it has no meaning in Alternator.
-    // Leave "hostname", "ssl_protocol" and "ssl_cipher_suite" unset for Alternator.
-    // Note: CQL sets ssl_protocol and ssl_cipher_suite via generic_server::connection base class.
+    // Leave "hostname", "ssl_protocol" and "ssl_cipher_suite" unset.
+    // As reported in issue #9216, we never set these fields in CQL
+    // either (see cql_server::connection::make_client_data()).
    return cd;
 }

--- a/test/cqlpy/test_ssl.py
+++ b/test/cqlpy/test_ssl.py
@@ -14,7 +14,6 @@ import cassandra.cluster
 from contextlib import contextmanager
 import re
 import ssl
-import time


 # This function normalizes the SSL cipher suite name (a string),
@@ -67,12 +66,13 @@ def test_tls_versions(cql):
 # a regression test for #9216
 def test_system_clients_stores_tls_info(cql):
    if not cql.cluster.ssl_context:
-        table_result = cql.execute(f"SELECT * FROM system.clients")
-        for row in table_result:
-            assert not row.ssl_enabled
-            assert row.ssl_protocol is None
-            assert row.ssl_cipher_suite is None
-    else:
+            table_result = cql.execute(f"SELECT * FROM system.clients")
+            for row in table_result:
+                assert not row.ssl_enabled
+                assert row.ssl_protocol is None
+                assert row.ssl_cipher_suite is None
+
+    if cql.cluster.ssl_context:
        # TLS v1.2 must be supported, because this is the default version that
        # "cqlsh --ssl" uses. If this fact changes in the future, we may need
        # to reconsider this test.
@@ -82,8 +82,7 @@ def test_system_clients_stores_tls_info(cql):
            # so we need to retry until all connections are initialized and have their TLS info recorded in system.clients,
            # otherwise we'd end up with some connections e.g. having their ssl_enabled=True but other fields still None.
            expected_ciphers = [normalize_cipher(cipher['name']) for cipher in ssl.create_default_context().get_ciphers()]
-            deadline = time.time() + 10  # 10 seconds timeout
-            while time.time() < deadline:
+            for _ in range(1000):  # try for up to 1000 * 0.01s = 10s seconds
                rows = session.execute(f"SELECT * FROM system.clients")
                if rows and all(
                    row.ssl_enabled
@@ -93,7 +92,7 @@ def test_system_clients_stores_tls_info(cql):
                ):
                    return
                time.sleep(0.01)
-            pytest.fail(f"Not all connections have TLS data set correctly in system.clients after 10 seconds")
+            pytest.fail(f"Not all connections have TLS data set correctly in system.clients after 10s seconds")


@contextmanager
--- a/transport/generic_server.cc
+++ b/transport/generic_server.cc
@@ -414,8 +414,9 @@ future<> server::do_accepts(int which, bool keepalive, socket_address server_add
                                    conn->_ssl_cipher_suite = cipher_suite;
                                    return make_ready_future<bool>(true);
                                });
-                        }).handle_exception([conn](std::exception_ptr ep) {
-                            return seastar::make_exception_future<bool>(std::runtime_error(fmt::format("Inspecting TLS connection failed: {}", ep)));
+                        }).handle_exception([this, conn](std::exception_ptr ep) {
+                            _logger.warn("Inspecting TLS connection failed: {}", ep);
+                            return make_ready_future<bool>(false);
                        })
                    : make_ready_future<bool>(true)
                ).then([conn] (bool ok){
--- a/transport/generic_server.hh
+++ b/transport/generic_server.hh
@@ -63,7 +63,7 @@ protected:

    bool _ssl_enabled = false;
    std::optional<sstring> _ssl_cipher_suite = std::nullopt;
-    std::optional<sstring> _ssl_protocol = std::nullopt;
+    std::optional<sstring> _ssl_protocol = std::nullopt;;

 private:
    future<> process_until_tenant_switch();