I'm working on a distributed system and use `pkg/transport` and `raft`. When I try to set multiple root CA files in `TLSInfo`, it seems we can only set one CA file because there is only a public string type field called `TrustedCAFile`.
After a little code digging, I found that when generating a normal TLS config used by `crypto/tls`, `cafiles()` only uses what is set in `TrustedCAFile` as the root CA.
This behavior confuses me and I came up with a few questions:
- It seems there is no easy way to add root CAs if I want to create a listener with `NewTimeoutListener` or a transport with `NewTransport`.
- If I want to use the same CA for every node (a node can be both a client and a server) and set it as `TrustedCAFile`, client auth will be enabled, which is not required.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.
Code referenced in the issue:
- etcd/pkg/transport/listener.go, lines 319 to 326 and lines 371 to 376 in 1eee465 (referenced with the `cafiles()` / `TrustedCAFile` observation)
- etcd/pkg/transport/listener.go, lines 335 to 338 in 1eee465 (referenced with the client auth observation)
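The two points raised in the issue, shown as an added example that is not part of the issue and is not etcd's code: using only the Go standard library, it builds one root pool from several CA PEM inputs, rejects an input that contributes no certificate, and takes the client-auth mode as its own parameter instead of deriving it from the presence of a CA. `must`, `newCA`, `buildTLS` and the CA names are hypothetical, and the CAs are generated at run time as constructed sample input.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // sample setup only
	}
	return v
}

// newCA makes a throwaway self-signed CA (constructed sample input): parsed form and PEM.
func newCA(cn string) (*x509.Certificate, []byte) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der := must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// buildTLS trusts every CA input as a root; auth alone decides whether client certs are requested.
func buildTLS(auth tls.ClientAuthType, caPEMs ...[]byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	for i, p := range caPEMs {
		if !pool.AppendCertsFromPEM(p) { // false: this input held no parsable certificate
			return nil, fmt.Errorf("CA input %d: no usable certificate", i)
		}
	}
	return &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool, ClientCAs: pool, ClientAuth: auth}, nil
}

func main() {
	a, aPEM := newCA("constructed-ca-a")
	b, bPEM := newCA("constructed-ca-b")
	cfg := must(buildTLS(tls.NoClientCert, aPEM, bPEM))
	_, errA := a.Verify(x509.VerifyOptions{Roots: cfg.RootCAs})
	_, errB := b.Verify(x509.VerifyOptions{Roots: cfg.RootCAs})
	fmt.Println("verify A:", errA, "verify B:", errB, "client auth:", cfg.ClientAuth)
}
```

`AppendCertsFromPEM` parses every certificate block in its input, so a single PEM input that concatenates several CA certificates yields the same pool as passing them separately.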