From 41b722c3f7d583381008fb86968390033225cba1 Mon Sep 17 00:00:00 2001
From: Markus Hilger <markus.hilger@megware.com>
Date: Thu, 25 Jul 2024 18:38:23 +0200
Subject: [PATCH 1/4] Use natural sort for lists in json dumps

Previously, items were randomly arranged in lists in the json dump. This meant that the JSON files were different after each export.
Now they are naturally sorted and identical.
This should make it easier to save and compare the JSON dumps in version control systems.
---
 confluent_server/confluent/config/configmanager.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index 528924e8..6cbf4604 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -2647,7 +2647,7 @@ class ConfigManager(object):
                                 dumpdata[confarea][element][attribute]['cryptvalue'] = '!'.join(cryptval)
                     elif isinstance(dumpdata[confarea][element][attribute], set):
                         dumpdata[confarea][element][attribute] = \
-                            list(dumpdata[confarea][element][attribute])
+                            confluent.util.natural_sort(list(dumpdata[confarea][element][attribute]))
         return json.dumps(
             dumpdata, sort_keys=True, indent=4, separators=(',', ': '))
 

From 298be3b30a385af3c2506ba2737dbb530ac38e1d Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 25 Jul 2024 14:05:10 -0400
Subject: [PATCH 2/4] Point to the C context object rather than python class

The OpenSSL variant of Context is a python class, but it does have
a C context in it.
---
 confluent_server/confluent/sockapi.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_server/confluent/sockapi.py b/confluent_server/confluent/sockapi.py
index 8aca0058..86534767 100644
--- a/confluent_server/confluent/sockapi.py
+++ b/confluent_server/confluent/sockapi.py
@@ -431,7 +431,7 @@ def _tlsstartup(cnn):
         ctx.use_certificate_file('/etc/confluent/srvcert.pem')
         ctx.use_privatekey_file('/etc/confluent/privkey.pem')
         ctx.set_verify(libssln.VERIFY_PEER, lambda *args: True)
-        ssl_ctx = PySSLContext.from_address(id(ctx)).ctx
+        ssl_ctx = PySSLContext.from_address(id(ctx._context)).ctx
         libsslc.SSL_CTX_set_cert_verify_callback(ssl_ctx, verify_stub, 0)
         cnn = libssl.Connection(ctx, cnn)
         cnn.set_accept_state()

From 626f16cb6fcac5a7c9531014766b287ac9ca2d72 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 25 Jul 2024 14:54:15 -0400
Subject: [PATCH 3/4] Ignore duplicate specifications of same key

Particularly if traversing a lot of linked configuration, the same key/cert
path may come up multiple times, check for equality
and if equal, just keep going.
---
 confluent_server/confluent/certutil.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_server/confluent/certutil.py b/confluent_server/confluent/certutil.py
index 9a478787..4ac67165 100644
--- a/confluent_server/confluent/certutil.py
+++ b/confluent_server/confluent/certutil.py
@@ -76,7 +76,7 @@ def get_certificate_paths():
                     continue
                 kploc = check_apache_config(os.path.join(currpath,
                                                                        fname))
-                if keypath and kploc[0]:
+                if keypath and kploc[0] and keypath != kploc[0]:
                     return None, None # Ambiguous...
                 if kploc[0]:
                     keypath, certpath = kploc

From dc7c9f4a3d324c8881fd312d8132ed8207f64e15 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 25 Jul 2024 15:25:09 -0400
Subject: [PATCH 4/4] Have SSDP fallback to unverified noderanges when looking
 at candidates

---
 confluent_server/confluent/discovery/protocols/ssdp.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/confluent_server/confluent/discovery/protocols/ssdp.py b/confluent_server/confluent/discovery/protocols/ssdp.py
index 3c1edc74..12ec4ba7 100644
--- a/confluent_server/confluent/discovery/protocols/ssdp.py
+++ b/confluent_server/confluent/discovery/protocols/ssdp.py
@@ -251,7 +251,10 @@ def snoop(handler, byehandler=None, protocol=None, uuidlookup=None):
                                                 break
                                         candmgrs = cfd.get(node, {}).get('collective.managercandidates', {}).get('value', None)
                                         if candmgrs:
-                                            candmgrs = noderange.NodeRange(candmgrs, cfg).nodes
+                                            try:
+                                                candmgrs = noderange.NodeRange(candmgrs, cfg).nodes
+                                            except Exception:
+                                                candmgrs = noderange.NodeRange(candmgrs).nodes
                                             if collective.get_myname() not in candmgrs:
                                                 break
                                         currtime = time.time()