Update PostgreSQL TLS config #853
Conversation
* Allow set CA or key / cert seperately for PostgreSQL * Add support of host name verification
| host, _, err := net.SplitHostPort(cfg.ConnectAddr) | ||
| if err != nil { | ||
| return fmt.Errorf("error in host port from ConnectAddr: %v", err) | ||
| } | ||
|
|
||
| // TODO: create a way to set MinVersion and CipherSuites via cfg. | ||
| tlsConfig := auth.NewTLSConfigForServer(host) |
There was a problem hiding this comment.
this is a bug on MySQL
There was a problem hiding this comment.
because NewTLSConfigForServer is "for connecting as a TLS client to a server with a name we know and may want to verify"? because when i read the function name it makes me think its a config for a server listening on TLS. but this is not an issue with this PR and warrants a bigger discussion about how we are talking about TLS connections.
| host, _, err := net.SplitHostPort(cfg.ConnectAddr) | ||
| if err != nil { | ||
| return fmt.Errorf("error in host port from ConnectAddr: %v", err) | ||
| } | ||
|
|
||
| // TODO: create a way to set MinVersion and CipherSuites via cfg. | ||
| tlsConfig := auth.NewTLSConfigForServer(host) |
There was a problem hiding this comment.
because NewTLSConfigForServer is "for connecting as a TLS client to a server with a name we know and may want to verify"? because when i read the function name it makes me think its a config for a server listening on TLS. but this is not an issue with this PR and warrants a bigger discussion about how we are talking about TLS connections.
@underrun temporal/common/cassandra/cassandraCluster.go Lines 63 to 70 in 84053ea |
What changed?
Why?
See above
How did you test it?
Install schema with CA or CA & key & cert
Potential risks
N/A