lightning: when tidb.tls config set to "false", TLSConfig didn't change, and db cannot connect #53001

Closed
AkiraXie opened this issue Apr 30, 2024 · 5 comments · Fixed by #53140
Labels: affects-5.4, affects-6.1, affects-6.5, affects-7.1, affects-7.5, affects-8.1, component/lightning, severity/major, type/bug

Comments


AkiraXie commented Apr 30, 2024

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

  1. set lightning.toml security

  2. set lightning config toml [tidb.tls] to "false"

  3. tidb cluster open cluster tls but no client tls

2. What did you expect to see? (Required)

  1. db connect ok

3. What did you see instead (Required)

  1. tidb lightning encountered error: [Lightning:DB:ErrDBConnect]failed to connect database: TLS requested but server does not support TLS
  2. some code shows that tlsconfig won't change
    ```go
    if d.Security == nil {
        d.Security = s
    }
    switch d.TLS {
    case "skip-verify", "preferred":
        if d.Security.TLSConfig == nil {
            /* #nosec G402 */
            d.Security.TLSConfig = &tls.Config{
                MinVersion:         tls.VersionTLS12,
                InsecureSkipVerify: true,
                NextProtos:         []string{"h2", "http/1.1"}, // specify `h2` to let Go use HTTP/2.
            }
            d.Security.AllowFallbackToPlaintext = true
        }
    case "cluster":
        if len(s.CAPath) == 0 {
            return common.ErrInvalidConfig.GenWithStack("cannot set `tidb.tls` to 'cluster' without a [security] section")
        }
    case "", "false":
        d.TLS = "false"
    default:
        return common.ErrInvalidConfig.GenWithStack("unsupported `tidb.tls` config %s", d.TLS)
    }
    ```

4. What is your TiDB version? (Required)

master

@AkiraXie AkiraXie added the type/bug This issue is a bug. label Apr 30, 2024
@AkiraXie
Author

/component lightning

@ti-chi-bot ti-chi-bot bot added the component/lightning This issue is related to Lightning of TiDB. label Apr 30, 2024
@lance6716
Contributor

/assign @lyzx2001

@AkiraXie
Author

/severity major

@lance6716
Contributor

> tidb cluster open cluster tls but no client tls

Why do you expect the client can connect to TiDB cluster? https://docs.pingcap.com/zh/tidb/dev/enable-tls-between-clients-and-servers#%E9%85%8D%E7%BD%AE%E5%90%AF%E7%94%A8%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81

@AkiraXie
Author

AkiraXie commented May 4, 2024

> > tidb cluster open cluster tls but no client tls
>
> Why do you expect the client can connect to TiDB cluster? https://docs.pingcap.com/zh/tidb/dev/enable-tls-between-clients-and-servers#%E9%85%8D%E7%BD%AE%E5%90%AF%E7%94%A8%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81

The cluster opened between-components TLS but not client-server TLS, sorry for my incorrect words.
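
The behaviour reported in this issue, reduced to a runnable model. This is an added example, not part of the thread and not the fix merged in #53140. `Security` and `DBStore` are simplified stand-ins for Lightning's config structs, and `adjustCleared` and `dbUsesTLS` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Simplified stand-ins for the [security] and [tidb] config sections (assumed shapes).
type Security struct{ TLSConfig *tls.Config }

type DBStore struct {
	TLS      string
	Security *Security
}

// adjustAsReported mirrors the "false" branch quoted in the issue: the shared
// Security pointer, including its TLSConfig, is inherited unchanged.
func adjustAsReported(d *DBStore, s *Security) {
	if d.Security == nil {
		d.Security = s
	}
	switch d.TLS {
	case "", "false":
		d.TLS = "false"
	}
}

// adjustCleared is a hypothetical correction: for "false" the DB connection gets
// its own copy with TLSConfig cleared, so component-level TLS stays configured.
func adjustCleared(d *DBStore, s *Security) {
	adjustAsReported(d, s)
	if d.TLS == "false" {
		dbOnly := *d.Security // copy, so the global [security] section is not mutated
		dbOnly.TLSConfig = nil
		d.Security = &dbOnly
	}
}

// dbUsesTLS runs adjust on constructed input: tidb.tls = "false" with a TLS-enabled [security].
func dbUsesTLS(adjust func(*DBStore, *Security)) bool {
	d := &DBStore{TLS: "false"}
	adjust(d, &Security{TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12}})
	return d.Security.TLSConfig != nil
}

func main() {
	fmt.Println("as reported:", dbUsesTLS(adjustAsReported), "cleared:", dbUsesTLS(adjustCleared))
}
```

Copying the struct instead of setting `d.Security.TLSConfig = nil` in place matters because `d.Security` aliases the global section that the other components still use for their TLS connections.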
