Revert "roles: support ssl_verify_client option"

This reverts commit 5ebd39d.

Author: themilchenko

README.md

@@ -604,7 +604,6 @@ roles_cfg:
         ssl_ciphers: "cipher1:cipher2"
         ssl_password: "password"
         ssl_password_file: "path/to/ssl/password"
-        ssl_verify_client: "off"
 ```
 
 This role accepts a server by name from a config and creates a route to return 

roles/httpd.lua

@@ -104,7 +104,6 @@ local function parse_params(node)
         ssl_password_file = node.ssl_password_file,
         ssl_ca_file = node.ssl_ca_file,
         ssl_ciphers = node.ssl_ciphers,
-        ssl_verify_client = node.ssl_verify_client,
     }
 end
 

test/integration/httpd_role_test.lua

@@ -255,59 +255,3 @@ g.test_enable_tls_on_config_reload = function(cg)
     local resp = http_client:get('http://localhost:13000/ping')
     t.assert_equals(resp.status, 444, 'response not 444')
 end
-
-g.test_ssl_verify_client = function(cg)
-    t.skip_if(not cg.params.use_tls, 'tls config required')
-
-    local cfg = table.copy(tls_config)
-
-    cfg.groups['group-001'].replicasets['replicaset-001'].roles_cfg['roles.httpd'].default
-        .ssl_ca_file = fio.pathjoin(ssl_data_dir, 'ca.crt')
-    cfg.groups['group-001'].replicasets['replicaset-001'].roles_cfg['roles.httpd'].default
-        .ssl_verify_client = "on"
-    treegen.write_file(cg.server.chdir, 'config.yaml', yaml.encode(cfg))
-    local _, err = cg.server:eval("require('config'):reload()")
-    t.assert_not(err)
-
-    t.assert_error_msg_contains(helpers.CONNECTION_REFUSED_ERR_MSG, function()
-        http_client:get('https://localhost:13000/ping', {
-            ca_file = fio.pathjoin(ssl_data_dir, 'ca.crt')
-        })
-    end)
-
-    local resp = http_client:get('https://localhost:13000/ping', {
-        ca_file = fio.pathjoin(ssl_data_dir, 'ca.crt'),
-        ssl_cert = fio.pathjoin(ssl_data_dir, 'client.crt'),
-        ssl_key = fio.pathjoin(ssl_data_dir, 'client.key'),
-    })
-    t.assert_equals(resp.status, 200, 'response not 200')
-    t.assert_equals(resp.body, 'pong')
-
-    cfg.groups['group-001'].replicasets['replicaset-001'].roles_cfg['roles.httpd'].default
-        .ssl_verify_client = "optional"
-    treegen.write_file(cg.server.chdir, 'config.yaml', yaml.encode(cfg))
-    _, err = cg.server:eval("require('config'):reload()")
-    t.assert_not(err)
-
-    t.assert_error_msg_contains(helpers.CONNECTION_REFUSED_ERR_MSG, function()
-        http_client:get('https://localhost:13000/ping', {
-            ca_file = fio.pathjoin(ssl_data_dir, 'ca.crt'),
-            ssl_cert = fio.pathjoin(ssl_data_dir, 'bad_client.crt'),
-            ssl_key = fio.pathjoin(ssl_data_dir, 'bad_client.key'),
-        })
-    end)
-
-    resp = http_client:get('https://localhost:13000/ping', {
-        ca_file = fio.pathjoin(ssl_data_dir, 'ca.crt'),
-        ssl_cert = fio.pathjoin(ssl_data_dir, 'client.crt'),
-        ssl_key = fio.pathjoin(ssl_data_dir, 'client.key'),
-    })
-    t.assert_equals(resp.status, 200, 'response not 200')
-    t.assert_equals(resp.body, 'pong')
-end
-
-g.after_test('test_ssl_verify_client', function(cg)
-    treegen.write_file(cg.server.chdir, 'config.yaml', yaml.encode(tls_config))
-    local _, err = cg.server:eval("require('config'):reload()")
-    t.assert_not(err)
-end)

test/unit/httpd_role_test.lua

@@ -226,24 +226,6 @@ local validation_cases = {
             },
         },
         err = "log_requests option should be a string",
-    },
-    ["ssl_verify_client_invalid_type"] = {
-        cfg = {
-            server = {
-                listen = "localhost:123",
-                ssl_verify_client = 1,
-            }
-        },
-        err = "ssl_verify_client option must be a string",
-    },
-    ["ssl_verify_client_invalid_value"] = {
-        cfg = {
-            server = {
-                listen = "localhost:123",
-                ssl_verify_client = "unknown",
-            }
-        },
-        err = '"unknown" option not exists. Available options: "on", "off", "optional"',
     }
 }