Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TiFlash fails to start with empty string ssl configs #9235

Closed
JaySon-Huang opened this issue Jul 15, 2024 · 0 comments · Fixed by #9234
Closed

TiFlash fails to start with empty string ssl configs #9235

JaySon-Huang opened this issue Jul 15, 2024 · 0 comments · Fixed by #9234
Labels
affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. component/compute severity/moderate type/bug The issue is confirmed as a bug.

Comments

@JaySon-Huang
Copy link
Contributor

JaySon-Huang commented Jul 15, 2024
edited
Loading

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

Start tiflash with

        [security]
          ca_path = ""
          cert_path = ""
          key_path = ""

2. What did you expect to see? (Required)

tiflash starts with tls disabled

3. What did you see instead (Required)

tiflash starts with tls enabled, but failed to create the security grpc server, then failed to start the process.


[2024/07/15 09:18:24.454 +00:00] [ERROR] [Server.cpp:392] ["/build/tics/contrib/grpc/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc, line number: 120, log msg : {\"created\":\"@1721035104.454831344\",\"description\":\"Unable to create secure server with credentials of type Ssl\",\"file\":\"/build/tics/contrib/grpc/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc\",\"file_line\":105}"] [source=grpc] [thread_id=1]
[2024/07/15 09:18:24.454 +00:00] [ERROR] [Server.cpp:392] ["/build/tics/contrib/grpc/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc, line number: 233, log msg : Failed loading SSL server credentials from fetcher."] [source=grpc] [thread_id=1]
[2024/07/15 09:18:24.454 +00:00] [ERROR] [Server.cpp:392] ["/build/tics/contrib/grpc/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc, line number: 381, log msg : Handshaker factory creation failed with TSI_INVALID_ARGUMENT."] [source=grpc] [thread_id=1]
[2024/07/15 09:18:24.454 +00:00] [ERROR] [Server.cpp:392] ["/build/tics/contrib/grpc/src/core/tsi/ssl_transport_security.cc, line number: 840, log msg : Invalid cert chain file."] [source=grpc] [thread_id=1]
[2024/07/15 09:18:24.454 +00:00] [INFO] [TiFlashSecurity.h:196] ["read new SslCredentialOptions: ca_path: , cert_path: , key_path: "] [thread_id=1]

4. What is your TiFlash version? (Required)

master
@JaySon-Huang JaySon-Huang added type/bug The issue is confirmed as a bug. component/compute affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. severity/moderate labels Jul 15, 2024
@JaySon-Huang JaySon-Huang mentioned this issue Jul 15, 2024
Merged
12 tasks
@ti-chi-bot ti-chi-bot bot closed this as completed in 951e010 Jul 16, 2024
This was referenced Jul 17, 2024
Merged
Merged
ti-chi-bot bot pushed a commit that referenced this issue Jul 18, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9238)
2eb2cfe 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
ti-chi-bot bot pushed a commit that referenced this issue Jul 19, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9239)
8f64468 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
@ti-chi-bot ti-chi-bot mentioned this issue Aug 26, 2024
Merged
12 tasks
ti-chi-bot bot pushed a commit that referenced this issue Aug 26, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9347)
7048a4f 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>
Signed-off-by: JaySon-Huang <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
@ti-chi-bot ti-chi-bot mentioned this issue Oct 28, 2024
Merged
12 tasks
JaySon-Huang added a commit to ti-chi-bot/tiflash that referenced this issue Oct 28, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (pingcap#9234) (
cbbd91c 
pingcap#9238)

close pingcap#9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
ti-chi-bot bot pushed a commit that referenced this issue Oct 31, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9559)
25a2eaf 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. component/compute severity/moderate type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

security: Allow empty security config for disabling tls JaySon-Huang/tiflash
1 participant
@JaySon-Huang