You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
And then i use a wrong(not signed by the CA that signed the Server Certificate) Client Certificate to connect to TiDB Server.
With mysql 5.7, i can't connect to TiDB Server, this is as expected:
root@mysql-client:/# mysql --version
mysql Ver 14.14 Distrib 5.7.29, for Linux (x86_64) using EditLine wrapper
root@mysql-client:/# mysql -uroot -p -P 4000 -h 10.110.197.127 --ssl-ca=/ca.pem --ssl-cert=/client.pem --ssl-key=/client-key.pem
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
But with mariadb-client, i can connect to the TiDB Server:
root@cjc-control-plane:/# mysql -uroot -p -P 4000 -h 10.102.188.170 --ssl-ca=/ca.pem --ssl-cert=/client.pem --ssl-key=/client-key.pem
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.25-TiDB-v4.0.0-beta-385-g107b071e0 TiDB Server (Apache License 2.0), MySQL 5.7 compatible
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> \s
--------------
mysql Ver 15.1 Distrib 10.3.22-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Connection id: 2
Current database:
Current user: root@10.244.0.1
SSL: Cipher in use is ECDHE-RSA-AES256-GCM-SHA384
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MySQL
Server version: 5.7.25-TiDB-v4.0.0-beta-385-g107b071e0 TiDB Server (Apache License 2.0), MySQL 5.7 compatible
Protocol version: 10
Connection: 10.102.188.170 via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
TCP port: 4000
--------------
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| INFORMATION_SCHEMA |
| INSPECTION_SCHEMA |
| METRICS_SCHEMA |
| PERFORMANCE_SCHEMA |
| mysql |
| test |
+--------------------+
6 rows in set (0.011 sec)```
The text was updated successfully, but these errors were encountered:
weekface
changed the title
A wrong client certificate can connect to TiDB Server with TLS enabled
A wrong client certificate can connect to TiDB Server with TLS enabled using mariadb-client
Mar 11, 2020
Bug Report
I followed Enable TLS for MySQL Clients to crate a TiDB Cluster.
And then i use a wrong(not signed by the CA that signed the Server Certificate) Client Certificate to connect to TiDB Server.
With mysql 5.7, i can't connect to TiDB Server, this is as expected:
But with mariadb-client, i can connect to the TiDB Server:
The text was updated successfully, but these errors were encountered: