Update PostgreSQL TLS config #853
* Allow setting CA or key / cert separately for PostgreSQL
* Add support for host name verification
host, _, err := net.SplitHostPort(cfg.ConnectAddr) | ||
if err != nil { | ||
return fmt.Errorf("error in host port from ConnectAddr: %v", err) | ||
} | ||
|
||
// TODO: create a way to set MinVersion and CipherSuites via cfg. | ||
tlsConfig := auth.NewTLSConfigForServer(host) |
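Review bot: The `net.SplitHostPort(cfg.ConnectAddr)` call at the top of this hunk returns an error whenever `ConnectAddr` has no port, so a host-only address fails here before any TLS setup happens; either fall back to treating the whole string as the host in that case or document that a port is required. The error on the `fmt.Errorf` line is formatted with `%v`; using `%w` would keep the underlying address error available to callers. The TODO above `auth.NewTLSConfigForServer(host)` leaves MinVersion and CipherSuites to whatever that helper sets, which is not visible in these lines, so it is worth confirming the helper sets a minimum protocol version until the config option exists.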
this is a bug on MySQL
Because `NewTLSConfigForServer` is "for connecting as a TLS client to a server with a name we know and may want to verify"? Because when I read the function name, it makes me think it's a config for a server listening on TLS. But this is not an issue with this PR and warrants a bigger discussion about how we are talking about TLS connections.
@underrun temporal/common/cassandra/cassandraCluster.go Lines 63 to 70 in 84053ea
What changed?
Why?
See above
How did you test it?
Install schema with CA or CA & key & cert
Potential risks
N/A