From 3f27bce4a063ae23ef539333bb0a16a52a311403 Mon Sep 17 00:00:00 2001
From: Jiaqiang Huang <96465211+River2000i@users.noreply.github.com>
Date: Tue, 19 Nov 2024 11:03:19 +0800
Subject: [PATCH] Fix TLS generation script to use RSA keys instead of EC keys
---
 dm/tests/tls/conf/ca.pem | 21 +++++++++++++------
 dm/tests/tls/conf/dm.key | 35 ++++++++++++++++++++++++-------
 dm/tests/tls/conf/dm.pem | 24 ++++++++++++++-------
 dm/tests/tls/conf/generate_tls.sh | 4 ++--
 dm/tests/tls/conf/other.key | 35 ++++++++++++++++++++++++-------
 dm/tests/tls/conf/other.pem | 25 +++++++++++++++-------
 dm/tests/tls/run.sh | 20 +++++++++---------
 7 files changed, 114 insertions(+), 50 deletions(-)
diff --git a/dm/tests/tls/conf/ca.pem b/dm/tests/tls/conf/ca.pem
index 9fc215fa83b..54ccf0ad634 100644
--- a/dm/tests/tls/conf/ca.pem
+++ b/dm/tests/tls/conf/ca.pem
@@ -1,8 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIBGDCBwAIJAOjYXLFw5V1HMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMMCWxvY2Fs -aG9zdDAgFw0yMDAzMTcxMjAwMzNaGA8yMjkzMTIzMTEyMDAzM1owFDESMBAGA1UE -AwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEglCIJD8uVBfD -kuM+UQP+VA7Srbz17WPLA0Sqc+sQ2p6fT6HYKCW60EXiZ/yEC0925iyVbXEEbX4J -xCc2Heow5TAKBggqhkjOPQQDAgNHADBEAiAILL3Zt/3NFeDW9c9UAcJ9lc92E0ZL -GNDuH6i19Fex3wIgT0ZMAKAFSirGGtcLu0emceuk+zVKjJzmYbsLdpj/JuQ= +MIICsTCCAZkCFBW2dYDlpiY0fQo4/BbVb4kWuLGMMA0GCSqGSIb3DQEBCwUAMBQx +EjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0yNDExMTkwMjUxNThaGA8yMjk4MDkwNDAy +NTE1OFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAzNlitARpbbz2zDeze6X70vGg5Ti0t7xz7MsAAl9ESyf6i/XD +zBDGN5w18YaPUsXbOFz5dJeWtVK8xheJCN19RwYUGWf6BGuLohCA7ygSy43ICVNJ +xeW47xev4RcACu/C2UelBaVQLleSKsMFtEwuGJTlGL9nfxR3NKw7JUYntcy0+1c9 +GJQunFp8UU2ymENJqlIwhtwy5Z56oWRGS34rVdyhmlQ/OrGEinTyyoZBxWJmzbvw +Cqi1+IZKmwobGVSIuNdKxLwn/KNRxXE+tWwVy/+Dq5U3mt4zdBcRHQsSuqxPzS+6 +/3MivAN+5hGebHv1UyfKEQTACyKc8YHryf5SPwIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQCPf/9isj85Ncsw7v01apIuklLzHByYZdkD0yY3Igrw2teaOGNKcTuXHiPM +v4QpV5KkkRtL+okNR6hL1BoY4OYkDRD67b8bHqr20JiYUriA1aZ5paW2MVXya8eE +T12fZYpNuYWKfd2YQiWSUuEEhCbr6cBkw9A4oyhVx5+QAFVstysm4U4dI9fn89uK +Ywtcc0ebk7FwjwGfchKW9mGG7mSOcZdGiKxYFxnI+wIf0nwjJvRraQbNpN2RuqSx +Oc/oG8QdRklQ6GnDKEwWb4P2z4r3n16O0ntcyXt03h1pFxrGTNhQ+pwbormCmN/c +t2udn5DvywhPljodj8vnprDScR4g -----END CERTIFICATE----- diff --git a/dm/tests/tls/conf/dm.key b/dm/tests/tls/conf/dm.key index dfdc077bc4d..38105f87366 100644 --- a/dm/tests/tls/conf/dm.key +++ b/dm/tests/tls/conf/dm.key 
@@ -1,8 +1,27 @@ ------BEGIN EC PARAMETERS----- -BggqhkjOPQMBBw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MHcCAQEEICF/GDtVxhTPTP501nOu4jgwGSDY01xN+61xd9MfChw+oAoGCCqGSM49 -AwEHoUQDQgAEgQOv5bQO7xK16vZWhwJqlz2vl19+AXW2Ql7KQyGiBJVSvLbyDLOr -kIeFlHN04iqQ39SKSOSfeGSfRt6doU6IcA== ------END EC PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuWvI0YtEvBAkO4dHtGdwRJ2aTCsB0jjWrSBz55pMn+4ht1Sl +9YECNx6+1SSenuzfDvvNkplIeI3RI+8QjS6by0yeBQxxp60Zh/HrS2CnRbjEXjig +PnLxL/xnR1MxtlzmKH3wdq0Z7jRSYwHxZ15uKvECq8wmnJuAnKyMdOc3kQYcdD/1 +tAQ8HqKOZr6wVfjj4ApZuctqGNOmkiCgNULljQqhiVbdx9o+xTAx+vBxHpUbXpTf +BZYA8VlKh9As6wwQbNW5GgOItGanulElZRaq8Ql/sk+mEVuNlkownkQgmtL/xnbH +HUehn/OugogrOcR6MZAkEuxN/Sl03VTbHXxP0QIDAQABAoIBAQClE2qD84NMEurO +/I8/818mF1HJQfirGeM12tCVfu986tqlhv0BZst8Gyk2RRXa03N6uX65ZzH38foi +DbIknzwgcKO2Ru/goeE7AIvEXdZN4kMgxzUSo+5KFGI2Q8DcZDScFBNC9LVDNt2q +O46Zwp4+KLeCD4zInECSO6QIZ9k2iEA2Tg1/oxxMO1hZAZv/RBcKWWFHc9sDe8qT +p2proaQBu4Qr4az4I0bKZoQK5QyZwbvd8EPCsTdqRY6KLBNkDn6rsovyTFJ/fzgk +lHl1Ef5zv89i4lX/JJgfNI+YxzX/SFJDGcWmvwQvFsbaSW+SffNGaYevWK9R4idq +vBBj5iKJAoGBAN+3Bc6ap7Vbu8TckbOifRH1u+3v1Awo5gP7XnUJQ1WzvI5qJeit +bkYJ4+SLDrGspdTpeh2LqyjI4f+2XiV67oyIFRhcra9B562COMC3jAXb6B54aT4W +fWBvzBLqsX6V1VnicgXHeF++DFI+54wlULso3X44EUxrk8/UyiY4KVZzAoGBANQu +Bdyo+6pmhHMMqegwhYqmTh/Tqq2Xy4aHMzO/3Ft0ZE/C6VkHFH73xXFUkYkdMNPx +KNLkES7TFmI9jbwBY806NYq8gmFXY/pDjZPfhNr0cQTUIoM/NPL67er1CFKuL0zg +kduUZEP876B+6WLkDw0oh+c8QA8QAL/fd5tVbOurAoGADOucGT+TWgUPRiJbA93p +jUT88pP8Uit2hVpaLTY4vlVgGXWF9Pc3PDJMCCID2j0XYsGNPPGZFATuEH+u1klQ +R6uAVGTd3xZWVA4GSxMOsjPuJvxbT6uq2Av85EbLs3zh0owie7T2fckTGxjo9I4f +KIAGssh4L0qzQbiPaD+sG4MCgYADwxUjhnN/3/V1PMI+da3IeY5lDhG2pjxblEYa +Isq7bGLi7yfIBlIctjPwAHncHoJhH6ODqbuMQv3gnArJTJUCbIfKf/En3K7PHyeB +ebMXVsIyPbim7xX3QO+6/ME7Bg+co1ayt/zXH8L364gj0rtZlmBifzT7j2MUA9hR +DsCxpQKBgQCvPP4d0zZTRobdJtPaLnAgMq6F0RPhzoDzVlcKqXJzcELflSvusdel +L2CPOFs8KXe2BxlJpUUwmhuTIHuwWahkMxx/Dhd5rJ9qlQtDygTKNsaJgnflPscF 
+mFZkIeDqpeE05X9tcvWdA+QSgpmY7AmjwvlOfCTi0Ftx1s7HPfnhTQ== +-----END RSA PRIVATE KEY----- diff --git a/dm/tests/tls/conf/dm.pem b/dm/tests/tls/conf/dm.pem index d4f846e3a22..e4678a7f2f9 100644 --- a/dm/tests/tls/conf/dm.pem +++ b/dm/tests/tls/conf/dm.pem @@ -1,10 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIBZDCCAQqgAwIBAgIJAIT/lgXUc1JqMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM -CWxvY2FsaG9zdDAgFw0yMDAzMTcxMjAwMzNaGA8yMjkzMTIzMTEyMDAzM1owDTEL -MAkGA1UEAwwCZG0wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASBA6/ltA7vErXq -9laHAmqXPa+XX34BdbZCXspDIaIElVK8tvIMs6uQh4WUc3TiKpDf1IpI5J94ZJ9G -3p2hTohwo0owSDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwCwYDVR0PBAQD -AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAKBggqhkjOPQQDAgNI -ADBFAiEAx6ljJ+tNa55ypWLGNqmXlB4UdMmKmE4RSKJ8mmEelfECIG2ZmCE59rv5 -wImM6KnK+vM2QnEiISH3PeYyyRzQzycu +MIIC+zCCAeOgAwIBAgIUDg53fesx1gIIYkGiIDbjngxBd40wDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MTExOTAyNTIxOFoYDzIyOTgw +OTA0MDI1MjE4WjANMQswCQYDVQQDDAJkbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALlryNGLRLwQJDuHR7RncESdmkwrAdI41q0gc+eaTJ/uIbdUpfWB +AjcevtUknp7s3w77zZKZSHiN0SPvEI0um8tMngUMcaetGYfx60tgp0W4xF44oD5y +8S/8Z0dTMbZc5ih98HatGe40UmMB8WdebirxAqvMJpybgJysjHTnN5EGHHQ/9bQE +PB6ijma+sFX44+AKWbnLahjTppIgoDVC5Y0KoYlW3cfaPsUwMfrwcR6VG16U3wWW +APFZSofQLOsMEGzVuRoDiLRmp7pRJWUWqvEJf7JPphFbjZZKMJ5EIJrS/8Z2xx1H +oZ/zroKIKznEejGQJBLsTf0pdN1U2x18T9ECAwEAAaNKMEgwGgYDVR0RBBMwEYIJ +bG9jYWxob3N0hwR/AAABMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD +AgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBADMC8yK209WqhIBB+48kxpgU +aIxpu1CJXCHU3M476mZFYXpzfGQvxHJJSzLb6ZdfvK2TruWd1STwlnDanAH9MAxI +nFDtI7TLlpBvtSu9SB8fQLeEY5QUl5ZtBHpLKXkVQ/GMOWKP4q7L7zE7gaeaiVlC +VcvEF/+yeaj/GBu0RE5ia23V1HbthRLcyZnGvTYsyEVwTf+ZbJso3hbbN83WaKiL +avXD267fnfeJbL0No24QWFud/og28pdS1fM7ssyZZYI9k2VlrDPQF2jHQRfIu/bt +NyTNSt8etReb1rYCNKsFK8IPTkWwJmyOCDF+dhFLgA/z9KY2MZh1M+9gR9I5GNY= -----END CERTIFICATE----- diff --git a/dm/tests/tls/conf/generate_tls.sh b/dm/tests/tls/conf/generate_tls.sh index 8f8410690e0..d6090968da7 100644 
--- a/dm/tests/tls/conf/generate_tls.sh
+++ b/dm/tests/tls/conf/generate_tls.sh
@@ -16,12 +16,12 @@ DNS.1 = localhost
 IP.1 = 127.0.0.1
 EOF
-openssl ecparam -out "ca.key" -name prime256v1 -genkey
+openssl genrsa -out "ca.key"
 openssl req -new -batch -sha256 -subj '/CN=localhost' -key "ca.key" -out "ca.csr"
 openssl x509 -req -sha256 -days 100000 -in "ca.csr" -signkey "ca.key" -out "ca.pem" 2>/dev/null
 for role in dm other; do
- openssl ecparam -out "$role.key" -name prime256v1 -genkey
+ openssl genrsa -out "$role.key"
 openssl req -new -batch -sha256 -subj "/CN=${role}" -key "$role.key" -out "$role.csr"
 openssl x509 -req -sha256 -days 100000 -extensions EXT -extfile "ipsan.cnf" -in "$role.csr" -CA "ca.pem" -CAkey "ca.key" -CAcreateserial -out "$role.pem" 2>/dev/null
 done
diff --git a/dm/tests/tls/conf/other.key b/dm/tests/tls/conf/other.key
index ee95ca5faa5..718b7bb6ba7 100644
--- a/dm/tests/tls/conf/other.key
+++ b/dm/tests/tls/conf/other.key
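Review bot: Both added `openssl genrsa -out …` calls, the CA key and the per-role key inside the `for role in dm other` loop, leave the key size and the PEM encoding to whatever the installed OpenSSL defaults to, so a rerun of this script may not reproduce fixtures like the ones committed here. The default size has differed between OpenSSL releases, and OpenSSL 3.x writes PKCS#8 (`BEGIN PRIVATE KEY`) unless `-traditional` is given, while the committed `dm.key` and `other.key` carry the PKCS#1 header (`BEGIN RSA PRIVATE KEY`) and appear to be 2048-bit. I would pin the size with `openssl genrsa -out "ca.key" 2048` and `openssl genrsa -out "$role.key" 2048`, and, if the consumer of these keys needs PKCS#1, say so in a comment such as `# RSA/PKCS#1 test-only keys: pass -traditional when regenerating on OpenSSL 3.x`. The commit does not record why EC keys were dropped, so one comment line above the first call naming the reason would help the next maintainer. The script starts before this hunk.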
@@ -1,8 +1,27 @@ ------BEGIN EC PARAMETERS----- -BggqhkjOPQMBBw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MHcCAQEEICzbWZZ7dtha0lGXlBiP3QjCurPs5ExsR5thIQCcKCKeoAoGCCqGSM49 -AwEHoUQDQgAEt5z9ACtEnsqv0ZPFx5YJhvBNQZJCEb75ZS/kDBiPoISea1HMt1w8 -4ZkeWW+SBCwt0RtwzVPRq9VUGWaFRUOwdQ== ------END EC PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw1kLMqpCyhCuviPrJkQFoZIO4ocbZO/WPju2L1B9o3QEaqzF +Zs7jTCVVtLynryw12OSay+t2JuTED4hHfSlR0RjjfHj2rV9CRyLty5Njf2ZrmX+V +pUNV/c1AKo4ACZbjy7UpQZ0dQEA6bHE3THq7oLEhREL0/QkZKOEoy8CEZ8Bk2DaR +eOepFzNX9ZSuFZ/Kfljl9skJ3D/0Sg0RjGeIddhITbW8SuR7NEEcHbjweEYCuoMr +W+90FYBx0GxAACAqzyO+QzsWaq7WbDkUYeEJjwCZ9jJthYsXGnfwpLde9A4poJs5 +8LvHLq1KqDOuVXdyjQFBjZLWBVQfOTdbvzTenwIDAQABAoIBACO6G1Qu03xFRNA9 +nXooIqeEIPjJIPd67cIABbftjqzgQRaJdqjw2Z1Jjr05a6mb+lUqqiz1aWx/lmQI +1ppLfk0xshlHvkXDEEoWV0tOL3pTbwZp0SKiiA2dBklCIzudvxe4kE0RwRHJLWY7 +5pM0NzCSdLUZUdkdWt6hH2b0VMLsmIq+6L2Th8Ns3Z88+UL2UAEK0qex7TKRNRlc +wRDf9pydcqUdPu+3IBvyww/MVXJfEiZHPc9kI8Nrt0Puo/3qnhQG//2jLPJFQUod +vXOcS1bX7UAYP2NQ1YNrHloX079D7OmSN+C03pvS62fVGWwDhVQiXd56VimPEzB8 +Rz0fgqECgYEA/ldf+hqPBvXNrBAF8Z0rh/kgBSv/rGvHCOTijNL9i5dWOx1gnF4d +kx94XPmGLKcnDiSdg8tlzc9FDW17t9gmycF4oHdAmZkWy1R6rH4OcVifuQ3DqLsg +qlDQZpjySsBQN4kY/lbrmKAsXzVWDecBIrMWM6IYCQFrTaC4A9rmI5cCgYEAxJ8t +vnGbB2QQbf+PJxef+xy4TtGb2lT0SrnrNBVcVFcYbe3/AdT7iXviGULhtIJiIykR +hcMoZu9mhWnydKpf5hn9jxE9XoB4khcfrjcVIGk6DBgHk6IhGxDOgGispgNO9uMH +WWWu4KtuyBsocG/k9jJZDJ7Mltpc0h4gQyT23jkCgYBDNIk6x+vFFgwri+xWJIaN +HknUtASR5cSo1/n45gNy8CEr655Mkx3TczxVrOVERUKvnQM2APe8gykm3CgVsvrE +0udx1zDtpSL9xSvJCmH8l0NVHYr2ucNu3X3DrmRPVjOcCRDem88S/DfdTHWZpNGK +/rE+IXWiY4qb73zQH/YxrwKBgQCyxVPvGxXss2Noz/qVfZp809EUAOrmqWVwZ/hd +Y6qOGJ5inQjF3qNRjqy1cSUMXZvjAh0ndJjQdozNctX6k0ocSbdMFE2rFb4KfjHU +0cpIrMQVaOfCqJ/XHwHSqNmJG+r4+NSeyKAnMFfKYz7ydBpGauKiYeP8qM/KT4/f +3MUEqQKBgQC2zESZWJR49qMhsQlDREeD/pZjbX76DoVfUOuvNpI4mFP9Gj1cp92V +8sBVSREHeRoN/DltT8TtJgGXSzfW8pQWRxQh2BguryHYROJsXA0aVNgQPHmBLz49 
+V6UOSgXetUnm9TSkSGcMKDt93NwN1e6sJ3OJruAMTG3Y6guKN20sTg== +-----END RSA PRIVATE KEY----- diff --git a/dm/tests/tls/conf/other.pem b/dm/tests/tls/conf/other.pem index 5710106ffe6..c164884e341 100644 --- a/dm/tests/tls/conf/other.pem +++ b/dm/tests/tls/conf/other.pem @@ -1,10 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIBZzCCAQ2gAwIBAgIJAIT/lgXUc1JrMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM -CWxvY2FsaG9zdDAgFw0yMDAzMTcxMjAwMzNaGA8yMjkzMTIzMTEyMDAzM1owEDEO -MAwGA1UEAwwFb3RoZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3nP0AK0Se -yq/Rk8XHlgmG8E1BkkIRvvllL+QMGI+ghJ5rUcy3XDzhmR5Zb5IELC3RG3DNU9Gr -1VQZZoVFQ7B1o0owSDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwCwYDVR0P -BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAKBggqhkjOPQQD -AgNIADBFAiEA34/Vz7SaJWqYOgOLyr+y1OwiT9R7yTgBQCSSvGC+HpsCIA20BhNe -RnicYz+9qOQRxAFP1wpIyMMgOK4tKuZhx+/J +MIIC/jCCAeagAwIBAgIUDg53fesx1gIIYkGiIDbjngxBd4wwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MTExOTAyNTE0M1oYDzIyOTgw +OTA0MDI1MTQzWjAQMQ4wDAYDVQQDDAVvdGhlcjCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMNZCzKqQsoQrr4j6yZEBaGSDuKHG2Tv1j47ti9QfaN0BGqs +xWbO40wlVbS8p68sNdjkmsvrdibkxA+IR30pUdEY43x49q1fQkci7cuTY39ma5l/ +laVDVf3NQCqOAAmW48u1KUGdHUBAOmxxN0x6u6CxIURC9P0JGSjhKMvAhGfAZNg2 +kXjnqRczV/WUrhWfyn5Y5fbJCdw/9EoNEYxniHXYSE21vErkezRBHB248HhGArqD +K1vvdBWAcdBsQAAgKs8jvkM7Fmqu1mw5FGHhCY8AmfYybYWLFxp38KS3XvQOKaCb +OfC7xy6tSqgzrlV3co0BQY2S1gVUHzk3W7803p8CAwEAAaNKMEgwGgYDVR0RBBMw +EYIJbG9jYWxob3N0hwR/AAABMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAKaIFX66bIZRaiaLoQqw +nvremDwYX16RTDRXPmF8Jp0Rs7Xm8WeQF4B4HDhwWtkti9muecN2CzeYTlgzkbaK +yMG2mndmbO/W6pWuWObrRZF9TA+4jIQ/r5NuBcoVLwe0s4/EWxPqZyndNxBZCNr+ +cpUlcG4QScrFfuj87K6yi+z1t7w0F1YMoRt0uD2MspWG2TQv7tR1iWMQRy9rVF9E ++GWEMPQRdMAG1fkTtlRd+VgcZXGWF7XEYWK0nSIBBXJf9mQGsl6XZcBqRMY2vgTa +Jk0Nix/aUsVP1cclVNQ9vL5qWUBnr9/3TseyqHcKFOrM+E6+vXFlVs33WJ2awwqP +HZ4= -----END CERTIFICATE----- diff --git a/dm/tests/tls/run.sh b/dm/tests/tls/run.sh index d8b4d7034e3..5b4a50c57e5 100644 
--- a/dm/tests/tls/run.sh +++ b/dm/tests/tls/run.sh @@ -17,7 +17,7 @@ function get_mysql_ssl_data_path() { function setup_tidb_with_tls() { echo "run a new tidb server with tls" - cat - >"$WORK_DIR/tidb-tls-config.toml" <"/dm/tidb-tls-config.toml" <&1 & + --config /dm/tidb-tls-config.toml \ + --log-file "dm/tidb.log" 2>&1 & sleep 5 ls -alh $cur/conf