Fix TLS generation script to use RSA keys instead of EC keys

River2000i · Nov 19, 2024 · 3f27bce · 3f27bce
1 parent d40822f
commit 3f27bce
Show file tree

Hide file tree

Showing 7 changed files with 114 additions and 50 deletions.
diff --git a/dm/tests/tls/conf/ca.pem b/dm/tests/tls/conf/ca.pem
@@ -1,8 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIBGDCBwAIJAOjYXLFw5V1HMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMMCWxvY2Fs
-aG9zdDAgFw0yMDAzMTcxMjAwMzNaGA8yMjkzMTIzMTEyMDAzM1owFDESMBAGA1UE
-AwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEglCIJD8uVBfD
-kuM+UQP+VA7Srbz17WPLA0Sqc+sQ2p6fT6HYKCW60EXiZ/yEC0925iyVbXEEbX4J
-xCc2Heow5TAKBggqhkjOPQQDAgNHADBEAiAILL3Zt/3NFeDW9c9UAcJ9lc92E0ZL
-GNDuH6i19Fex3wIgT0ZMAKAFSirGGtcLu0emceuk+zVKjJzmYbsLdpj/JuQ=
+MIICsTCCAZkCFBW2dYDlpiY0fQo4/BbVb4kWuLGMMA0GCSqGSIb3DQEBCwUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0yNDExMTkwMjUxNThaGA8yMjk4MDkwNDAy
+NTE1OFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAzNlitARpbbz2zDeze6X70vGg5Ti0t7xz7MsAAl9ESyf6i/XD
+zBDGN5w18YaPUsXbOFz5dJeWtVK8xheJCN19RwYUGWf6BGuLohCA7ygSy43ICVNJ
+xeW47xev4RcACu/C2UelBaVQLleSKsMFtEwuGJTlGL9nfxR3NKw7JUYntcy0+1c9
+GJQunFp8UU2ymENJqlIwhtwy5Z56oWRGS34rVdyhmlQ/OrGEinTyyoZBxWJmzbvw
+Cqi1+IZKmwobGVSIuNdKxLwn/KNRxXE+tWwVy/+Dq5U3mt4zdBcRHQsSuqxPzS+6
+/3MivAN+5hGebHv1UyfKEQTACyKc8YHryf5SPwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQCPf/9isj85Ncsw7v01apIuklLzHByYZdkD0yY3Igrw2teaOGNKcTuXHiPM
+v4QpV5KkkRtL+okNR6hL1BoY4OYkDRD67b8bHqr20JiYUriA1aZ5paW2MVXya8eE
+T12fZYpNuYWKfd2YQiWSUuEEhCbr6cBkw9A4oyhVx5+QAFVstysm4U4dI9fn89uK
+Ywtcc0ebk7FwjwGfchKW9mGG7mSOcZdGiKxYFxnI+wIf0nwjJvRraQbNpN2RuqSx
+Oc/oG8QdRklQ6GnDKEwWb4P2z4r3n16O0ntcyXt03h1pFxrGTNhQ+pwbormCmN/c
+t2udn5DvywhPljodj8vnprDScR4g
 -----END CERTIFICATE-----
diff --git a/dm/tests/tls/conf/dm.key b/dm/tests/tls/conf/dm.key
@@ -1,8 +1,27 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEICF/GDtVxhTPTP501nOu4jgwGSDY01xN+61xd9MfChw+oAoGCCqGSM49
-AwEHoUQDQgAEgQOv5bQO7xK16vZWhwJqlz2vl19+AXW2Ql7KQyGiBJVSvLbyDLOr
-kIeFlHN04iqQ39SKSOSfeGSfRt6doU6IcA==
------END EC PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuWvI0YtEvBAkO4dHtGdwRJ2aTCsB0jjWrSBz55pMn+4ht1Sl
+9YECNx6+1SSenuzfDvvNkplIeI3RI+8QjS6by0yeBQxxp60Zh/HrS2CnRbjEXjig
+PnLxL/xnR1MxtlzmKH3wdq0Z7jRSYwHxZ15uKvECq8wmnJuAnKyMdOc3kQYcdD/1
+tAQ8HqKOZr6wVfjj4ApZuctqGNOmkiCgNULljQqhiVbdx9o+xTAx+vBxHpUbXpTf
+BZYA8VlKh9As6wwQbNW5GgOItGanulElZRaq8Ql/sk+mEVuNlkownkQgmtL/xnbH
+HUehn/OugogrOcR6MZAkEuxN/Sl03VTbHXxP0QIDAQABAoIBAQClE2qD84NMEurO
+/I8/818mF1HJQfirGeM12tCVfu986tqlhv0BZst8Gyk2RRXa03N6uX65ZzH38foi
+DbIknzwgcKO2Ru/goeE7AIvEXdZN4kMgxzUSo+5KFGI2Q8DcZDScFBNC9LVDNt2q
+O46Zwp4+KLeCD4zInECSO6QIZ9k2iEA2Tg1/oxxMO1hZAZv/RBcKWWFHc9sDe8qT
+p2proaQBu4Qr4az4I0bKZoQK5QyZwbvd8EPCsTdqRY6KLBNkDn6rsovyTFJ/fzgk
+lHl1Ef5zv89i4lX/JJgfNI+YxzX/SFJDGcWmvwQvFsbaSW+SffNGaYevWK9R4idq
+vBBj5iKJAoGBAN+3Bc6ap7Vbu8TckbOifRH1u+3v1Awo5gP7XnUJQ1WzvI5qJeit
+bkYJ4+SLDrGspdTpeh2LqyjI4f+2XiV67oyIFRhcra9B562COMC3jAXb6B54aT4W
+fWBvzBLqsX6V1VnicgXHeF++DFI+54wlULso3X44EUxrk8/UyiY4KVZzAoGBANQu
+Bdyo+6pmhHMMqegwhYqmTh/Tqq2Xy4aHMzO/3Ft0ZE/C6VkHFH73xXFUkYkdMNPx
+KNLkES7TFmI9jbwBY806NYq8gmFXY/pDjZPfhNr0cQTUIoM/NPL67er1CFKuL0zg
+kduUZEP876B+6WLkDw0oh+c8QA8QAL/fd5tVbOurAoGADOucGT+TWgUPRiJbA93p
+jUT88pP8Uit2hVpaLTY4vlVgGXWF9Pc3PDJMCCID2j0XYsGNPPGZFATuEH+u1klQ
+R6uAVGTd3xZWVA4GSxMOsjPuJvxbT6uq2Av85EbLs3zh0owie7T2fckTGxjo9I4f
+KIAGssh4L0qzQbiPaD+sG4MCgYADwxUjhnN/3/V1PMI+da3IeY5lDhG2pjxblEYa
+Isq7bGLi7yfIBlIctjPwAHncHoJhH6ODqbuMQv3gnArJTJUCbIfKf/En3K7PHyeB
+ebMXVsIyPbim7xX3QO+6/ME7Bg+co1ayt/zXH8L364gj0rtZlmBifzT7j2MUA9hR
+DsCxpQKBgQCvPP4d0zZTRobdJtPaLnAgMq6F0RPhzoDzVlcKqXJzcELflSvusdel
+L2CPOFs8KXe2BxlJpUUwmhuTIHuwWahkMxx/Dhd5rJ9qlQtDygTKNsaJgnflPscF
+mFZkIeDqpeE05X9tcvWdA+QSgpmY7AmjwvlOfCTi0Ftx1s7HPfnhTQ==
+-----END RSA PRIVATE KEY-----
diff --git a/dm/tests/tls/conf/dm.pem b/dm/tests/tls/conf/dm.pem
@@ -1,10 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIBZDCCAQqgAwIBAgIJAIT/lgXUc1JqMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM
-CWxvY2FsaG9zdDAgFw0yMDAzMTcxMjAwMzNaGA8yMjkzMTIzMTEyMDAzM1owDTEL
-MAkGA1UEAwwCZG0wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASBA6/ltA7vErXq
-9laHAmqXPa+XX34BdbZCXspDIaIElVK8tvIMs6uQh4WUc3TiKpDf1IpI5J94ZJ9G
-3p2hTohwo0owSDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwCwYDVR0PBAQD
-AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAKBggqhkjOPQQDAgNI
-ADBFAiEAx6ljJ+tNa55ypWLGNqmXlB4UdMmKmE4RSKJ8mmEelfECIG2ZmCE59rv5
-wImM6KnK+vM2QnEiISH3PeYyyRzQzycu
+MIIC+zCCAeOgAwIBAgIUDg53fesx1gIIYkGiIDbjngxBd40wDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MTExOTAyNTIxOFoYDzIyOTgw
+OTA0MDI1MjE4WjANMQswCQYDVQQDDAJkbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALlryNGLRLwQJDuHR7RncESdmkwrAdI41q0gc+eaTJ/uIbdUpfWB
+AjcevtUknp7s3w77zZKZSHiN0SPvEI0um8tMngUMcaetGYfx60tgp0W4xF44oD5y
+8S/8Z0dTMbZc5ih98HatGe40UmMB8WdebirxAqvMJpybgJysjHTnN5EGHHQ/9bQE
+PB6ijma+sFX44+AKWbnLahjTppIgoDVC5Y0KoYlW3cfaPsUwMfrwcR6VG16U3wWW
+APFZSofQLOsMEGzVuRoDiLRmp7pRJWUWqvEJf7JPphFbjZZKMJ5EIJrS/8Z2xx1H
+oZ/zroKIKznEejGQJBLsTf0pdN1U2x18T9ECAwEAAaNKMEgwGgYDVR0RBBMwEYIJ
+bG9jYWxob3N0hwR/AAABMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+AgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBADMC8yK209WqhIBB+48kxpgU
+aIxpu1CJXCHU3M476mZFYXpzfGQvxHJJSzLb6ZdfvK2TruWd1STwlnDanAH9MAxI
+nFDtI7TLlpBvtSu9SB8fQLeEY5QUl5ZtBHpLKXkVQ/GMOWKP4q7L7zE7gaeaiVlC
+VcvEF/+yeaj/GBu0RE5ia23V1HbthRLcyZnGvTYsyEVwTf+ZbJso3hbbN83WaKiL
+avXD267fnfeJbL0No24QWFud/og28pdS1fM7ssyZZYI9k2VlrDPQF2jHQRfIu/bt
+NyTNSt8etReb1rYCNKsFK8IPTkWwJmyOCDF+dhFLgA/z9KY2MZh1M+9gR9I5GNY=
 -----END CERTIFICATE-----
diff --git a/dm/tests/tls/conf/generate_tls.sh b/dm/tests/tls/conf/generate_tls.sh
@@ -16,12 +16,12 @@ DNS.1 = localhost
 IP.1 = 127.0.0.1
 EOF
 
-openssl ecparam -out "ca.key" -name prime256v1 -genkey
+openssl genrsa -out "ca.key"
 openssl req -new -batch -sha256 -subj '/CN=localhost' -key "ca.key" -out "ca.csr"
 openssl x509 -req -sha256 -days 100000 -in "ca.csr" -signkey "ca.key" -out "ca.pem" 2>/dev/null
 
 for role in dm other; do
-	openssl ecparam -out "$role.key" -name prime256v1 -genkey
+	openssl genrsa -out "$role.key"
 	openssl req -new -batch -sha256 -subj "/CN=${role}" -key "$role.key" -out "$role.csr"
 	openssl x509 -req -sha256 -days 100000 -extensions EXT -extfile "ipsan.cnf" -in "$role.csr" -CA "ca.pem" -CAkey "ca.key" -CAcreateserial -out "$role.pem" 2>/dev/null
 done
diff --git a/dm/tests/tls/conf/other.key b/dm/tests/tls/conf/other.key
@@ -1,8 +1,27 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEICzbWZZ7dtha0lGXlBiP3QjCurPs5ExsR5thIQCcKCKeoAoGCCqGSM49
-AwEHoUQDQgAEt5z9ACtEnsqv0ZPFx5YJhvBNQZJCEb75ZS/kDBiPoISea1HMt1w8
-4ZkeWW+SBCwt0RtwzVPRq9VUGWaFRUOwdQ==
------END EC PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAw1kLMqpCyhCuviPrJkQFoZIO4ocbZO/WPju2L1B9o3QEaqzF
+Zs7jTCVVtLynryw12OSay+t2JuTED4hHfSlR0RjjfHj2rV9CRyLty5Njf2ZrmX+V
+pUNV/c1AKo4ACZbjy7UpQZ0dQEA6bHE3THq7oLEhREL0/QkZKOEoy8CEZ8Bk2DaR
+eOepFzNX9ZSuFZ/Kfljl9skJ3D/0Sg0RjGeIddhITbW8SuR7NEEcHbjweEYCuoMr
+W+90FYBx0GxAACAqzyO+QzsWaq7WbDkUYeEJjwCZ9jJthYsXGnfwpLde9A4poJs5
+8LvHLq1KqDOuVXdyjQFBjZLWBVQfOTdbvzTenwIDAQABAoIBACO6G1Qu03xFRNA9
+nXooIqeEIPjJIPd67cIABbftjqzgQRaJdqjw2Z1Jjr05a6mb+lUqqiz1aWx/lmQI
+1ppLfk0xshlHvkXDEEoWV0tOL3pTbwZp0SKiiA2dBklCIzudvxe4kE0RwRHJLWY7
+5pM0NzCSdLUZUdkdWt6hH2b0VMLsmIq+6L2Th8Ns3Z88+UL2UAEK0qex7TKRNRlc
+wRDf9pydcqUdPu+3IBvyww/MVXJfEiZHPc9kI8Nrt0Puo/3qnhQG//2jLPJFQUod
+vXOcS1bX7UAYP2NQ1YNrHloX079D7OmSN+C03pvS62fVGWwDhVQiXd56VimPEzB8
+Rz0fgqECgYEA/ldf+hqPBvXNrBAF8Z0rh/kgBSv/rGvHCOTijNL9i5dWOx1gnF4d
+kx94XPmGLKcnDiSdg8tlzc9FDW17t9gmycF4oHdAmZkWy1R6rH4OcVifuQ3DqLsg
+qlDQZpjySsBQN4kY/lbrmKAsXzVWDecBIrMWM6IYCQFrTaC4A9rmI5cCgYEAxJ8t
+vnGbB2QQbf+PJxef+xy4TtGb2lT0SrnrNBVcVFcYbe3/AdT7iXviGULhtIJiIykR
+hcMoZu9mhWnydKpf5hn9jxE9XoB4khcfrjcVIGk6DBgHk6IhGxDOgGispgNO9uMH
+WWWu4KtuyBsocG/k9jJZDJ7Mltpc0h4gQyT23jkCgYBDNIk6x+vFFgwri+xWJIaN
+HknUtASR5cSo1/n45gNy8CEr655Mkx3TczxVrOVERUKvnQM2APe8gykm3CgVsvrE
+0udx1zDtpSL9xSvJCmH8l0NVHYr2ucNu3X3DrmRPVjOcCRDem88S/DfdTHWZpNGK
+/rE+IXWiY4qb73zQH/YxrwKBgQCyxVPvGxXss2Noz/qVfZp809EUAOrmqWVwZ/hd
+Y6qOGJ5inQjF3qNRjqy1cSUMXZvjAh0ndJjQdozNctX6k0ocSbdMFE2rFb4KfjHU
+0cpIrMQVaOfCqJ/XHwHSqNmJG+r4+NSeyKAnMFfKYz7ydBpGauKiYeP8qM/KT4/f
+3MUEqQKBgQC2zESZWJR49qMhsQlDREeD/pZjbX76DoVfUOuvNpI4mFP9Gj1cp92V
+8sBVSREHeRoN/DltT8TtJgGXSzfW8pQWRxQh2BguryHYROJsXA0aVNgQPHmBLz49
+V6UOSgXetUnm9TSkSGcMKDt93NwN1e6sJ3OJruAMTG3Y6guKN20sTg==
+-----END RSA PRIVATE KEY-----
diff --git a/dm/tests/tls/conf/other.pem b/dm/tests/tls/conf/other.pem
@@ -1,10 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIBZzCCAQ2gAwIBAgIJAIT/lgXUc1JrMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM
-CWxvY2FsaG9zdDAgFw0yMDAzMTcxMjAwMzNaGA8yMjkzMTIzMTEyMDAzM1owEDEO
-MAwGA1UEAwwFb3RoZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3nP0AK0Se
-yq/Rk8XHlgmG8E1BkkIRvvllL+QMGI+ghJ5rUcy3XDzhmR5Zb5IELC3RG3DNU9Gr
-1VQZZoVFQ7B1o0owSDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwCwYDVR0P
-BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAKBggqhkjOPQQD
-AgNIADBFAiEA34/Vz7SaJWqYOgOLyr+y1OwiT9R7yTgBQCSSvGC+HpsCIA20BhNe
-RnicYz+9qOQRxAFP1wpIyMMgOK4tKuZhx+/J
+MIIC/jCCAeagAwIBAgIUDg53fesx1gIIYkGiIDbjngxBd4wwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MTExOTAyNTE0M1oYDzIyOTgw
+OTA0MDI1MTQzWjAQMQ4wDAYDVQQDDAVvdGhlcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMNZCzKqQsoQrr4j6yZEBaGSDuKHG2Tv1j47ti9QfaN0BGqs
+xWbO40wlVbS8p68sNdjkmsvrdibkxA+IR30pUdEY43x49q1fQkci7cuTY39ma5l/
+laVDVf3NQCqOAAmW48u1KUGdHUBAOmxxN0x6u6CxIURC9P0JGSjhKMvAhGfAZNg2
+kXjnqRczV/WUrhWfyn5Y5fbJCdw/9EoNEYxniHXYSE21vErkezRBHB248HhGArqD
+K1vvdBWAcdBsQAAgKs8jvkM7Fmqu1mw5FGHhCY8AmfYybYWLFxp38KS3XvQOKaCb
+OfC7xy6tSqgzrlV3co0BQY2S1gVUHzk3W7803p8CAwEAAaNKMEgwGgYDVR0RBBMw
+EYIJbG9jYWxob3N0hwR/AAABMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
+BQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAKaIFX66bIZRaiaLoQqw
+nvremDwYX16RTDRXPmF8Jp0Rs7Xm8WeQF4B4HDhwWtkti9muecN2CzeYTlgzkbaK
+yMG2mndmbO/W6pWuWObrRZF9TA+4jIQ/r5NuBcoVLwe0s4/EWxPqZyndNxBZCNr+
+cpUlcG4QScrFfuj87K6yi+z1t7w0F1YMoRt0uD2MspWG2TQv7tR1iWMQRy9rVF9E
++GWEMPQRdMAG1fkTtlRd+VgcZXGWF7XEYWK0nSIBBXJf9mQGsl6XZcBqRMY2vgTa
+Jk0Nix/aUsVP1cclVNQ9vL5qWUBnr9/3TseyqHcKFOrM+E6+vXFlVs33WJ2awwqP
+HZ4=
 -----END CERTIFICATE-----
diff --git a/dm/tests/tls/run.sh b/dm/tests/tls/run.sh
@@ -17,7 +17,7 @@ function get_mysql_ssl_data_path() {
 
 function setup_tidb_with_tls() {
 	echo "run a new tidb server with tls"
-	cat - >"$WORK_DIR/tidb-tls-config.toml" <<EOF
+	cat - >"/dm/tidb-tls-config.toml" <<EOF
 
 socket = "/tmp/tidb-tls.sock"
 
@@ -26,20 +26,20 @@ status-port = 10090
 
 [security]
 # set the path for certificates. Empty string means disabling secure connections.
-ssl-ca = "$cur/conf/ca.pem"
-ssl-cert = "$cur/conf/dm.pem"
-ssl-key = "$cur/conf/dm.key"
-cluster-ssl-ca = "$cur/conf/ca.pem"
-cluster-ssl-cert = "$cur/conf/dm.pem"
-cluster-ssl-key = "$cur/conf/dm.key"
+ssl-ca = "/dm/tiflow/dm/tests/tls/conf/ca.pem"
+ssl-cert = "/dm/tiflow/dm/tests/tls/conf/dm.pem"
+ssl-key = "/dm/tiflow/dm/tests/tls/conf/dm.key"
+cluster-ssl-ca = "/dm/tiflow/dm/tests/tls/conf/ca.pem"
+cluster-ssl-cert = "/dm/tiflow/dm/tests/tls/conf/dm.pem"
+cluster-ssl-key = "/dm/tiflow/dm/tests/tls/conf/dm.key"
 EOF
 
 	bin/tidb-server \
 		-P 4400 \
-		--path $WORK_DIR/tidb \
+		--path /dm/tidb \
 		--store unistore \
-		--config $WORK_DIR/tidb-tls-config.toml \
-		--log-file "$WORK_DIR/tidb.log" 2>&1 &
+		--config /dm/tidb-tls-config.toml \
+		--log-file "dm/tidb.log" 2>&1 &
 
 	sleep 5
 	ls -alh $cur/conf