-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lightning: reload certificate for new connection #33865
Conversation
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
/run-all-tests |
Code Coverage Details: https://codecov.io/github/pingcap/tidb/commit/f86531eeca570fd2c57e6db40cf3dfd0e8e8f858 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rest lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/run-integration-br-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And I'm not sure if the integration test will cover the case. The lightning process is restarted, it will clean the certificate in memory so the reload will be forced? But my understanding is we need an "online" reload. I suspect if we don't change the code part of this PR, the test will still succeed.
No, the first part of the test is a negative test. There is no restart logic in the test. |
/merge |
This pull request has been accepted and is ready to merge. Commit hash: 789f589
|
TiDB MergeCI notify✅ Well Done! New fixed [1] after this pr merged.
|
What problem does this PR solve?
Issue Number: ref #14666
Problem Summary:
In some cases, the certificate will be renewed within a certain period of time. If it takes long time to import, lightning may encounter certificate expired issue.
What is changed and how it works?
Set
GetCertificate
andGetClientCertificate
intlsConfig
so that lightning will reload certificate for every new connection.Check List
Tests
Release note
Please refer to Release Notes Language Style Guide to write a quality release note.