Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backend: refine the error message when require TLS #359

Merged
merged 1 commit into from
Sep 5, 2023
Merged

backend: refine the error message when require TLS #359

merged 1 commit into from
Sep 5, 2023

Conversation

djshow832
Copy link
Collaborator

What problem does this PR solve?

Issue Number: close #312

Problem Summary:
When the TiDB disables TLS and TiProxy enables require-backend-tls, the client receives error (1105, 'Verify TiDB capability failed, please upgrade TiDB'). This makes users confused when users deploy the TiDB cluster by themselves. We should tell them that TiDB should enable TLS.

What is changed and how it works:

  • Change error message when either TiDB or TiProxy doesn't enable TLS

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code
  1. set require-backend-tls = true
  2. Disable TiDB TLS
  3. Connect with client and see error: ERROR 1105 (HY000): Require TLS config on TiDB when require-backend-tls=true. In the log: [new connection failed] [connID=0] [client_addr=127.0.0.1:53490] [proxy-protocol=false] [backend_addr=127.0.0.1:4000] ["quit source"="proxy error"] [error="backend doesn't enable TLS"]
  4. Enable TiDB TLS and disable TiProxy TLS by setting security.sql-tls.skip-ca = false.
  5. Connect with client and see error: ERROR 1105 (HY000): Require TLS config on TiProxy when require-backend-tls=true. In the log: [new connection failed] [connID=0] [client_addr=127.0.0.1:55840] [proxy-protocol=false] [backend_addr=127.0.0.1:4000] ["quit source"="proxy error"] [error="tiproxy doesn't enable TLS"]

Notable changes

  • Has configuration change
  • Has HTTP API interfaces change
  • Has tiproxyctl change
  • Other user behavior changes

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@ti-chi-bot ti-chi-bot bot requested a review from bb7133 September 4, 2023 12:54
@ti-chi-bot ti-chi-bot bot added the size/L label Sep 4, 2023
@ti-chi-bot
Copy link

ti-chi-bot bot commented Sep 5, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: xhebox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added the lgtm label Sep 5, 2023
@ti-chi-bot
Copy link

ti-chi-bot bot commented Sep 5, 2023

[LGTM Timeline notifier]

Timeline:

  • 2023-09-05 02:12:29.036265867 +0000 UTC m=+2411513.585281838: ☑️ agreed by xhebox.

@ti-chi-bot ti-chi-bot bot added the approved label Sep 5, 2023
@ti-chi-bot ti-chi-bot bot merged commit be8f39b into pingcap:main Sep 5, 2023
6 checks passed
@djshow832 djshow832 deleted the refine_tls_err branch April 20, 2024 02:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xhebox xhebox xhebox approved these changes

@bb7133 bb7133 Awaiting requested review from bb7133

Assignees
No one assigned
Labels
approved lgtm size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Refine error message when TiDB doesn't enable TLS
2 participants
@djshow832 @xhebox