Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[enhancement](mysql) enable two-way ssl authentication #18530

Merged
merged 6 commits into from
Apr 21, 2023
Merged

[enhancement](mysql) enable two-way ssl authentication #18530

merged 6 commits into from
Apr 21, 2023

Conversation

Xiaoccer
Copy link
Contributor

Proposed changes

Issue Number: close #xxx

Problem summary

Describe your changes.

According to the mysql-ssl, enable two-way SSL authentication.

Checklist(Required)

  • Does it affect the original behavior
  • Has unit tests been added
  • Has document been added or modified
  • Does it need to update dependencies
  • Is this PR support rollback (If NO, please explain WHY)

Further comments

If this is a relatively large or complex change, kick off the discussion at dev@doris.apache.org by explaining why you chose the solution you did and what alternatives you considered, etc...

@github-actions github-actions bot added kind/docs Categorizes issue or PR as related to documentation. kind/test labels Apr 10, 2023
gavinchou
gavinchou reviewed Apr 10, 2023
View reviewed changes
conf/mysql_ssl_default_certificate/ca-key.pem Outdated
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider putting a script to generate all these certificates instead.

gavinchou
gavinchou reviewed Apr 10, 2023
View reviewed changes
regression-test/ssl_default_certificate/server-req.pem Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep files that are needed by the client only.

gavinchou
gavinchou reviewed Apr 10, 2023
View reviewed changes
conf/mysql_ssl_default_certificate/ca-key.pem Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep files that are needed by the server only.

@gavinchou
Copy link
Contributor

LGTM

@Xiaoccer
Copy link
Contributor Author

run buildall

@morningman
Copy link
Contributor

you need to add following files to .licenserc.yaml to pass the license check

conf/mysql_ssl_default_certificate/client_certificate/ca.pem
conf/mysql_ssl_default_certificate/client_certificate/client-cert.pem
conf/mysql_ssl_default_certificate/client_certificate/client-key.pem
regression-test/ssl_default_certificate/ca.pem
regression-test/ssl_default_certificate/client-cert.pem
regression-test/ssl_default_certificate/client-key.pem

@Xiaoccer
Copy link
Contributor Author

run buildall

@Xiaoccer
Copy link
Contributor Author

run buildall

@morningman morningman self-assigned this Apr 17, 2023
@gavinchou
Copy link
Contributor

LGTM

Yukang-Lian
Yukang-Lian previously approved these changes Apr 17, 2023
View reviewed changes
Copy link
Collaborator

@Yukang-Lian Yukang-Lian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

gavinchou
gavinchou previously approved these changes Apr 17, 2023
View reviewed changes
@Xiaoccer Xiaoccer dismissed stale reviews from gavinchou and Yukang-Lian via 89583ac April 17, 2023 08:16
@Xiaoccer
Copy link
Contributor Author

run buildall

CalvinKirs
CalvinKirs reviewed Apr 19, 2023
View reviewed changes
conf/mysql_ssl_default_certificate/client_certificate/client-cert.pem
Comment on lines +1 to +21
-----BEGIN CERTIFICATE-----
MIIDgzCCAmsCAQEwDQYJKoZIhvcNAQELBQAwgYYxCzAJBgNVBAYTAkNOMRAwDgYD
VQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdCZWlqaW5nMQ4wDAYDVQQKDAVEb3JpczEO
MAwGA1UECwwFRG9yaXMxDjAMBgNVBAMMBURvcmlzMSMwIQYJKoZIhvcNAQkBFhRk
ZXZAZG9yaXMuYXBhY2hlLm9yZzAeFw0yMzA0MTAxMDQ1MjBaFw0zMzAyMTYxMDQ1
MjBaMIGHMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwH
QmVpamluZzEOMAwGA1UECgwFRG9yaXMxDjAMBgNVBAsMBURvcmlzMQ8wDQYDVQQD
DAZDbGllbnQxIzAhBgkqhkiG9w0BCQEWFGRldkBkb3Jpcy5hcGFjaGUub3JnMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWZoLynFbkTTXry3rRoOT0yI
+VWE8Qs/cdKshT8ecNrWgkoMbBtGEoPahtC+BuMfyHsdNSx6Iyyxgee2f41Mqhfv
c9ssZFbq93NPE7rbb8v+LoZkibp5ErM4vtDmKcBp4ZEsWMRxauXYipyvdyGCbswD
M/Hd0PPFubpEoqg/8qjIz/TbQIXbJ2FYkKFv8Z3RYvy0GP5ZVpTm4zcYB6RAzr6z
+qbA3Li/0UjUVSdhzsoDWn5lOfX6Dp7yAuiocSMpMk65A/pwwRPSJ9u/gPP2LVsJ
L5uBogk29Hj5QBwRGePz0hJnDR3C4Lb786zHWk0QmHvVxQJq+DIbY8vlMhv6DwID
AQABMA0GCSqGSIb3DQEBCwUAA4IBAQCgi2pRKqWiZv6Xlpn4Viv/N+G9J+0/IUnd
YWvhmF4yzBb4R4FjyxiKG9d79o6JhhJ1ts5fmNk/idS0sBoj8FOkj53KAbw6pHBQ
bO3f+UYWLvx8I8F5iycAseA5GTid2cOU8s/gY34rhvey2PGzR+hxfDDGbpRxXFKw
X4zOKCYK8qAR9dDc8MOJyAs30NXn6vxiQSNijJe7+0J91NbAOHw/NeaIS673exqs
K7nPiAe7tPwZOY5LsZxzrosTIsUryheM8S+S0Sqess+zkKMV1xbCbyk2eMbhdfyL
5xLGv7HxnIEoJyRKQ4q0wk9GteLdvlSAKJ1cTe/n8NOf36cXZj/s
-----END CERTIFICATE-----
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no reason for us to provide this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a README written that these certificates cannot be used in the production environment, only for testing

morningman
morningman approved these changes Apr 21, 2023
View reviewed changes
Copy link
Contributor

@morningman morningman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@morningman morningman merged commit 3007cd4 into apache:master Apr 21, 2023
gnehil pushed a commit to gnehil/doris that referenced this pull request Apr 21, 2023
@Xiaoccer @gnehil
[enhancement](mysql) enable two-way ssl authentication (apache#18530)
61b9d72 
According to the mysql-ssl, enable two-way SSL authentication.
Reminiscent pushed a commit to Reminiscent/doris that referenced this pull request May 15, 2023
@Xiaoccer @Reminiscent
[enhancement](mysql) enable two-way ssl authentication (apache#18530)
f12c5cc 
According to the mysql-ssl, enable two-way SSL authentication.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CalvinKirs CalvinKirs CalvinKirs left review comments

@morningman morningman morningman approved these changes

@gavinchou gavinchou gavinchou left review comments

@Yukang-Lian Yukang-Lian Yukang-Lian left review comments

Assignees

@morningman morningman

Labels
kind/docs Categorizes issue or PR as related to documentation. kind/test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Xiaoccer @gavinchou @morningman @CalvinKirs @Yukang-Lian