Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http_api (ticdc): check --cert-allowed-cn before add server common name #3628

Merged
merged 9 commits into from
Dec 14, 2021
10 changes: 0 additions & 10 deletions cdc/capture/http_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -672,11 +672,6 @@ func (h *HTTPHandler) ListCapture(c *gin.Context) {
// @Failure 500,400 {object} model.HTTPError
// @Router /api/v1/status [get]
func (h *HTTPHandler) ServerStatus(c *gin.Context) {
if !h.capture.IsOwner() {
h.forwardToOwner(c)
return
}

status := model.ServerStatus{
Version: version.ReleaseVersion,
GitHash: version.GitHash,
Expand All @@ -697,11 +692,6 @@ func (h *HTTPHandler) ServerStatus(c *gin.Context) {
// @Failure 500 {object} model.HTTPError
// @Router /api/v1/health [get]
func (h *HTTPHandler) Health(c *gin.Context) {
if !h.capture.IsOwner() {
h.forwardToOwner(c)
return
}

ctx := c.Request.Context()

if _, err := h.capture.GetOwner(ctx); err != nil {
Expand Down
6 changes: 6 additions & 0 deletions pkg/security/credential.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,12 @@ func (s *Credential) getSelfCommonName() (string, error) {
// AddSelfCommonName add Common Name in certificate that specified by s.CertPath
// to s.CertAllowedCN
func (s *Credential) AddSelfCommonName() error {
// if CertAllowedCN was not specified, we should not use any common name
// otherwise, https requests without a certificate will not be accepted by
// cdc server
if len(s.CertAllowedCN) == 0 {
asddongmen marked this conversation as resolved.
Show resolved Hide resolved
return nil
}
cn, err := s.getSelfCommonName()
if err != nil {
return err
Expand Down