Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: Allow empty security config for disabling tls (#9234) #9238

Merged
merged 2 commits into from
Jul 18, 2024
Merged

security: Allow empty security config for disabling tls (#9234) #9238

merged 2 commits into from
Jul 18, 2024

Conversation

ti-chi-bot
Copy link
Member

This is an automated cherry-pick of #9234

What problem does this PR solve?

Issue Number: close #9235

Problem Summary:

TiFlash fails to start with following configs

        [security]
          ca_path = ""
          cert_path = ""
          key_path = ""

What is changed and how it works?

If any of the security.ca_path/security.cert_path/security.key_path is empty, treat it as missing.
And if all of the three config are not exist or empty strings, TLS is disabled in tiflash.

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Fix a bug that empty SSL config strings will enable TLS for tiflash

@JaySon-Huang @ti-chi-bot
This is an automated cherry-pick of pingcap#9234
4d8a158 
Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 17, 2024
@ti-chi-bot ti-chi-bot mentioned this pull request Jul 17, 2024
Merged
12 tasks
@ti-chi-bot ti-chi-bot added the type/cherry-pick-for-release-7.5 This PR is cherry-picked to release-7.5 from a source PR. label Jul 17, 2024
@ti-chi-bot ti-chi-bot added the cherry-pick-approved Cherry pick PR approved by release team. label Jul 17, 2024
@JaySon-Huang
Copy link
Contributor

/run-all-tests

windtalker
windtalker approved these changes Jul 18, 2024
View reviewed changes
Copy link
Contributor

@windtalker windtalker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot bot added needs-1-more-lgtm Indicates a PR needs 1 more LGTM. approved labels Jul 18, 2024
@JaySon-Huang
Copy link
Contributor

/run-integration-test

@ti-chi-bot ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Jul 18, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JaySon-Huang, windtalker

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [JaySon-Huang,windtalker]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added lgtm and removed needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels Jul 18, 2024
@ti-chi-bot ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Jul 18, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-07-18 01:14:54.916869168 +0000 UTC m=+489316.907810640: ☑️ agreed by windtalker.
  • 2024-07-18 08:01:33.508080387 +0000 UTC m=+513715.499021860: ☑️ agreed by JaySon-Huang.

@ti-chi-bot ti-chi-bot bot merged commit 2eb2cfe into pingcap:release-7.5 Jul 18, 2024
5 checks passed
JaySon-Huang added a commit to ti-chi-bot/tiflash that referenced this pull request Oct 28, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (pingcap#9234) (
cbbd91c 
pingcap#9238)

close pingcap#9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>

Co-authored-by: JaySon <tshent@qq.com>
Co-authored-by: JaySon-Huang <tshent@qq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JaySon-Huang JaySon-Huang JaySon-Huang approved these changes

@windtalker windtalker windtalker approved these changes

@zanmato1984 zanmato1984 Awaiting requested review from zanmato1984

Assignees

@JaySon-Huang JaySon-Huang

Labels
approved cherry-pick-approved Cherry pick PR approved by release team. lgtm release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. type/cherry-pick-for-release-7.5 This PR is cherry-picked to release-7.5 from a source PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ti-chi-bot @JaySon-Huang @windtalker