This repository has been archived by the owner on Sep 30, 2024. It is now read-only.

MySQLOrchestratorSSLSkipVerify to apply on backend TLS config #985

Merged
merged 7 commits into from
Nov 13, 2019

shlomi-noach
Collaborator

This PR fixes what seems to be a bug: when the certificate can be skipped (MySQLOrchestratorSSLSkipVerify = true), the existing code still demanded adding an X509 key pair.

With this PR, when MySQLOrchestratorSSLSkipVerify = true and when no certificate files exist, then we don't attempt to load them.

Another piece of logic seems to have been flawed in SetupMySQLTopologyTLS: again, certificates were required when MySQLTopologySSLSkipVerify = true.

The new logic is as follows:

		if (config.Config.MySQLTopologyUseMutualTLS && !config.Config.MySQLTopologySSLSkipVerify) &&
			config.Config.MySQLTopologySSLCertFile != "" &&
			config.Config.MySQLTopologySSLPrivateKeyFile != "" {
...
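
The effect of the quoted condition on the resulting client TLS settings, as an added example that is not part of the PR or of orchestrator's code. The `topologyTLS` struct, `loadsKeyPair` and `buildTLS` are hypothetical names, the file paths are constructed placeholders, and mapping the skip-verify flag to Go's `tls.Config.InsecureSkipVerify` is an assumption.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// topologyTLS is a hypothetical stand-in for the four MySQLTopology* settings.
type topologyTLS struct {
	UseMutualTLS, SkipVerify bool
	CertFile, KeyFile        string
}

// loadsKeyPair is the condition quoted in the PR description.
func loadsKeyPair(c topologyTLS) bool {
	return (c.UseMutualTLS && !c.SkipVerify) && c.CertFile != "" && c.KeyFile != ""
}

// buildTLS returns the client config plus findings an operator should review.
// Assumption: the skip-verify flag maps to tls.Config.InsecureSkipVerify.
func buildTLS(c topologyTLS) (*tls.Config, []string, error) {
	cfg := &tls.Config{InsecureSkipVerify: c.SkipVerify}
	var findings []string
	if c.SkipVerify {
		findings = append(findings, "server certificate is not verified")
	}
	if loadsKeyPair(c) {
		pair, err := tls.LoadX509KeyPair(c.CertFile, c.KeyFile)
		if err != nil {
			return nil, findings, fmt.Errorf("load client key pair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	} else if c.UseMutualTLS {
		findings = append(findings, "mutual TLS requested but no client certificate is loaded")
	}
	return cfg, findings, nil
}

func main() {
	// Constructed settings: paths are placeholders that do not exist.
	cases := []topologyTLS{
		{UseMutualTLS: true, SkipVerify: true},
		{UseMutualTLS: true, SkipVerify: true, CertFile: "/nonexistent/c.pem", KeyFile: "/nonexistent/k.pem"},
		{UseMutualTLS: true, CertFile: "/nonexistent/c.pem", KeyFile: "/nonexistent/k.pem"},
	}
	for _, c := range cases {
		_, findings, err := buildTLS(c)
		fmt.Printf("%+v -> findings=%q err=%v\n", c, findings, err)
	}
}
```

With skip-verify enabled, configured certificate files are never read, so a deployment that sets both mutual TLS and skip-verify connects without presenting a client certificate and without validating the server's.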

@shlomi-noach shlomi-noach temporarily deployed to production/mysql_cluster=concertmaster September 25, 2019 05:41 Inactive
@shlomi-noach
Collaborator Author

cc @ggunson for visibility

@sjmudd
Collaborator

sjmudd commented Sep 27, 2019

Code looks good. Going to double check it works here, so should be able to give you some feedback shortly.

@shlomi-noach
Collaborator Author

@sjmudd any thoughts per chance?

@shlomi-noach shlomi-noach had a problem deploying to production/mysql_cluster=concertmaster November 10, 2019 06:50 Failure
@shlomi-noach shlomi-noach had a problem deploying to production/mysql_cluster=concertmaster November 10, 2019 07:17 Failure
@shlomi-noach shlomi-noach temporarily deployed to production/mysql_cluster=concertmaster November 10, 2019 07:21 Inactive
@shlomi-noach
Collaborator Author

I'm merging this PR given some constraints.

@shlomi-noach shlomi-noach merged commit 8ac16d3 into master Nov 13, 2019
@shlomi-noach shlomi-noach deleted the orchestrator-backend-skip-tls-verify branch November 13, 2019 07:18