search

pingcap / tidb

TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database for elastic scale and real-time analytics. Try AI-powered Chat2Query free at : https://tidbcloud.com/free-trial
https://pingcap.com
Apache License 2.0
36.27k stars 5.72k forks source link

lightning: when tidb.tls config set to "false", TLSConfig didn't change, and db cannot connect #53001

Closed AkiraXie closed 1 week ago

AkiraXie commented 2 weeks ago

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

  1. set lightning.toml security image

  2. set lightning config toml [tidb.tls] to "false" image

  3. tidb cluster open cluster tls but no client tls

2. What did you expect to see? (Required)

  1. db connect ok

    3. What did you see instead (Required)

  2. tidb lightning encountered error: [Lightning:DB:ErrDBConnect]failed to connect database: TLS requested but server does not support TLS
  3. some code shows that tlsconfig won't change https://github.com/pingcap/tidb/blob/c60f97d16c6ff981b16279254ddee0f6b0e8ef19/pkg/lightning/config/config.go#L177-L200

    4. What is your TiDB version? (Required)

    master

AkiraXie commented 2 weeks ago

/component lightning

lance6716 commented 2 weeks ago

/assign @lyzx2001

AkiraXie commented 2 weeks ago

/severity major

lance6716 commented 2 weeks ago

tidb cluster open cluster tls but no client tls

Why do you expect the client can connect to TiDB cluster? https://docs.pingcap.com/zh/tidb/dev/enable-tls-between-clients-and-servers#%E9%85%8D%E7%BD%AE%E5%90%AF%E7%94%A8%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81

AkiraXie commented 2 weeks ago

tidb cluster open cluster tls but no client tls

Why do you expect the client can connect to TiDB cluster? https://docs.pingcap.com/zh/tidb/dev/enable-tls-between-clients-and-servers#%E9%85%8D%E7%BD%AE%E5%90%AF%E7%94%A8%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81

the cluster opened between-components tls but not between client-server tls , sorry for my incorrent words