We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please answer these questions before submitting your issue. Thanks!
I create the client certificate following this guild: https://pingcap.com/docs/stable/how-to/secure/enable-tls-clients.
I waited until the certificate expired. Then use mariadb-client to connect to TiDB Server.
Certificate: Data: Version: 3 (0x2) Serial Number: fa:bc:68:3f:2c:94:e7:ae:1a:e1:e6:26:3f:20:ab:9c Signature Algorithm: sha256WithRSAEncryption Issuer: O = PingCAP, CN = TiDB Client Validity Not Before: Mar 9 08:35:45 2020 GMT Not After : Mar 9 08:45:45 2020 GMT Subject: O = PingCAP, CN = TiDB Client Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:f4:12:66:e6:da:7c:38:de:df:31:9f:41:0d: ed:a0:d7:ec:a0:a4:c5:20:7b:fe:b6:26:35:b7:e0: 71:61:8e:bc:66:ba:38:99:4a:1a:93:f1:73:56:e3: 7a:a0:b7:f7:40:1f:2b:7a:1d:66:46:a3:69:e8:ed: 94:4c:e3:bd:8d:60:2a:d6:36:73:f5:47:e9:64:6a: 32:ae:96:c6:2a:83:2f:2e:21:fe:65:8e:62:34:c1: 5b:6f:69:5a:69:30:fc:09:79:dd:f4:e3:66:f3:b1: cb:a4:44:d7:c3:01:36:a0:ef:04:a7:76:ac:18:62: d3:33:c7:45:30:2a:ea:6d:f1:84:0e:2c:bf:be:c7: a7:d6:b5:c2:3a:3b:ee:4e:f7:b6:d5:02:84:9a:41: b2:56:b1:d9:70:7e:98:19:74:b0:47:8b:be:86:d4: d8:20:cd:30:0f:ca:a7:33:f6:01:42:b0:95:7a:00: 2f:a0:70:ad:24:5b:79:0f:ff:8c:ea:42:81:ff:b3: 5b:6c:23:50:41:e7:99:5a:87:23:93:3e:29:b2:df: 3a:e6:92:1f:3b:77:65:88:77:83:75:b3:ff:3d:8f: 7e:81:10:7f:16:5c:f7:4b:bc:ff:12:d3:89:7b:4b: 2a:f3:7a:28:19:3b:63:68:a1:e7:de:ff:43:25:12: 90:67 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption 70:8d:00:3c:f0:45:50:d1:0b:20:e8:f8:e8:9a:55:c2:4e:3e: 5d:a2:2d:40:5c:f3:22:76:56:7b:67:cd:72:ed:92:b0:5c:09: c9:e9:5b:9a:12:45:96:1d:cf:da:d9:d7:4e:6e:5c:d9:19:97: 2e:95:67:eb:85:26:e3:3b:a0:33:37:21:d4:02:ce:20:47:db: 42:65:b9:48:73:4d:66:8a:17:05:fe:a0:15:65:d5:86:a5:2e: 36:3f:78:7e:84:b4:e8:00:d8:55:c1:8f:2d:00:f3:45:e4:5b: 36:c9:09:82:58:6b:a3:3c:61:ea:eb:cc:b8:b9:10:10:61:a3: 5d:2c:bb:de:ac:90:28:d4:62:f2:7a:13:ce:ef:40:7f:28:8c: 60:f7:24:bb:04:40:19:a0:64:2a:70:81:cb:b1:a0:cc:7f:24: f9:5a:ed:eb:fb:a9:3b:38:bf:4f:91:2a:b2:af:a6:54:14:fa: a2:c6:a2:81:9c:12:a8:69:66:b3:30:2c:43:06:ba:6b:81:8b: 08:15:ee:47:dc:30:ca:de:b8:6e:02:a8:c3:d4:a6:ae:4e:65: fb:76:72:96:27:58:df:08:7d:64:b9:49:a8:24:47:f8:71:3f: 3a:31:4d:a5:79:52:3f:03:f1:3b:f6:64:50:95:2b:7e:96:99: 90:d0:26:93
The TiDB Server should reject the connection, because the client certificate was expired.
Connected to TiDB Server successfully.
tidb-server -V
select tidb_version();
Release Version: v3.0.8 Git Commit Hash: 8f13cf1449bd8903ff465a4f12ed89ecbac858a4 Git Branch: HEAD UTC Build Time: 2019-12-31 11:14:59 GoVersion: go version go1.13 linux/amd64 Race Enabled: false TiKV Min Version: v3.0.0-60965b006877ca7234adaced7890d7b029ed1306 Check Table Before Drop: false
The text was updated successfully, but these errors were encountered:
it's caused by docker alpine image's SSL library question, with standard ubuntu based image it works well
Sorry, something went wrong.
Note: Make Sure that 'component', and 'severity' labels are added Example for how to fill out the template: #20100
lysu
No branches or pull requests
Bug Report
Please answer these questions before submitting your issue. Thanks!
I create the client certificate following this guild: https://pingcap.com/docs/stable/how-to/secure/enable-tls-clients.
I waited until the certificate expired. Then use mariadb-client to connect to TiDB Server.
The TiDB Server should reject the connection, because the client certificate was expired.
Connected to TiDB Server successfully.
tidb-server -V
or runselect tidb_version();
on TiDB)?The text was updated successfully, but these errors were encountered: