Merge pull request #55 from MegaByte875/master

vesoft-inc · Feb 19, 2024 · d6b6f97 · d6b6f97
2 parents f01509d + d49959b
commit d6b6f97
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 11 deletions.
diff --git a/cmd/agent.go b/cmd/agent.go
@@ -37,7 +37,8 @@ var (
 	keyPath            = flag.String("key_path", "/usr/local/certs/client.key", "Path to cert key")
 	caPath             = flag.String("ca_path", "/usr/local/certs/ca.crt", "path to CA file")
 	enableSSL          = flag.Bool("enable_ssl", false, "Enable SSL for agent")
-	insecureSkipVerify = flag.Bool("insecure_skip_verify", false, "Skip server side cert verification")
+	insecureSkipVerify = flag.Bool("insecure_skip_verify", false, "Verify the server's certificate chain and host name")
+	serverName         = flag.String("server_name", "", "The subject alternative name (SAN) of the peer server to verify")
 )
 
 func main() {
@@ -62,7 +63,7 @@ func main() {
 	}
 
 	// set db_playback tls config
-	clients.InitPlayBackTLSConfig(*caPath, *certPath, *keyPath, *enableSSL)
+	clients.InitPlayBackTLSConfig(*caPath, *certPath, *keyPath, *serverName, *enableSSL)
 
 	lis, err := net.Listen("tcp", *agent)
 	if err != nil {
@@ -91,6 +92,7 @@ func main() {
 				log.WithError(err).Fatalf("Failed to load tls config.")
 			}
 			tlsConfig.InsecureSkipVerify = *insecureSkipVerify
+			tlsConfig.ServerName = *serverName
 		}
 
 		metaCfg, err := clients.NewMetaConfig(*agent, *meta, GitInfoSHA, *hbs, tlsConfig)

diff --git a/internal/clients/playback.go b/internal/clients/playback.go
@@ -11,18 +11,20 @@ import (
 var pbtc *PlayBackTLSConfig
 
 type PlayBackTLSConfig struct {
-	CertPath  string
-	KeyPath   string
-	CAPath    string
-	EnableSSL bool
+	CertPath   string
+	KeyPath    string
+	CAPath     string
+	ServerName string
+	EnableSSL  bool
 }
 
-func InitPlayBackTLSConfig(caPath, certPath, keyPath string, enableSSL bool) {
+func InitPlayBackTLSConfig(caPath, certPath, keyPath, serverName string, enableSSL bool) {
 	pbtc = &PlayBackTLSConfig{
-		CertPath:  certPath,
-		KeyPath:   keyPath,
-		CAPath:    caPath,
-		EnableSSL: enableSSL,
+		CertPath:   certPath,
+		KeyPath:    keyPath,
+		CAPath:     caPath,
+		ServerName: serverName,
+		EnableSSL:  enableSSL,
 	}
 }
 
@@ -44,6 +46,9 @@ func (p *ServicePlayBack) PlayBack() error {
 	cmdStr := fmt.Sprintf("cd %s && bin/db_playback --db_path=%s --playback_meta_server=%s", p.dir, p.dataPath, p.metaAddr)
 	if pbtc.EnableSSL {
 		cmdStr += fmt.Sprintf(" --enable_ssl=%t --cert_path=%s --key_path=%s --ca_path=%s", pbtc.EnableSSL, pbtc.CertPath, pbtc.KeyPath, pbtc.CAPath)
+		if pbtc.ServerName != "" {
+			cmdStr += fmt.Sprintf(" --ssl_server_SAN=%s", pbtc.ServerName)
+		}
 	}
 
 	log.WithField("cmd", cmdStr).Info("Try to playback storage data...")