Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reload cert/key for every new conn #927

Merged
merged 2 commits into from
Mar 10, 2020
Merged

Reload cert/key for every new conn #927

merged 2 commits into from
Mar 10, 2020

Conversation

july2993
Copy link
Contributor

@july2993 july2993 commented Mar 6, 2020

support reload cluster/downstream TLS cert/key.
CA still can not be hot-reload now

What problem does this PR solve?

preliminary of #891
Reload cert/key of tls for new connection

for the pd client and kv client need to update dep version of pd/db, it will be handle by the client.
but this pr enough for reload certification used to connecting downstream db.

What is changed and how it works?

  • support reload cluster/downstream TLS cert/key, CA still can not be hot-reload now

Check List

Tests

  • Unit test

Code changes

Side effects

Related changes

  • Need to cherry-pick to the release branch
  • Need to update the documentation
  • Need to be included in the release note

@july2993
Reload cert/key for every new conn
c186c33 
support reload cluster/downstream  TLS cert/key.
CA still can not be hot-reload now
@july2993
Copy link
Contributor Author

july2993 commented Mar 6, 2020

/run-all-tests

@july2993 july2993 closed this Mar 6, 2020
@july2993 july2993 reopened this Mar 6, 2020
@july2993
Copy link
Contributor Author

july2993 commented Mar 6, 2020

/run-all-tests

kennytm
kennytm reviewed Mar 6, 2020
View reviewed changes
Copy link
Contributor

@kennytm kennytm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rest LGTM

pkg/security/security_test.go Outdated Show resolved Hide resolved
@july2993 july2993 requested a review from kennytm March 6, 2020 12:46
kennytm
kennytm reviewed Mar 6, 2020
View reviewed changes
Copy link
Contributor

@kennytm kennytm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

WangXiangUSTC
WangXiangUSTC approved these changes Mar 10, 2020
View reviewed changes
Copy link
Contributor

@WangXiangUSTC WangXiangUSTC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kennytm kennytm merged commit 598cc3a into pingcap:master Mar 10, 2020
@july2993 july2993 deleted the reload_cert_self branch March 12, 2020 10:56
@july2993 july2993 mentioned this pull request Mar 12, 2020
Merged
july2993 added a commit that referenced this pull request Mar 15, 2020
@july2993
Reload cert/key for every new conn (#927)
b3654f4 
* Reload cert/key for every new conn

support reload cluster/downstream  TLS cert/key.
CA still can not be hot-reload now

* expand the loop
@july2993 july2993 mentioned this pull request Mar 15, 2020
Merged
@WangXiangUSTC WangXiangUSTC mentioned this pull request Mar 21, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WangXiangUSTC WangXiangUSTC WangXiangUSTC approved these changes

@IANTHEREAL IANTHEREAL Awaiting requested review from IANTHEREAL

@kennytm kennytm Awaiting requested review from kennytm

@csuzhangxc csuzhangxc Awaiting requested review from csuzhangxc

Assignees
No one assigned
Labels
needs-cherry-pick-release-3.0 status/LGT2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@july2993 @kennytm @WangXiangUSTC