Closed kennytm closed 3 years ago
Signed-off-by: kennytm kennytm@gmail.com
Check the TLS cert CN in all gRPC service APIs.
N/A
gRPC connections from Lightning with wrong CN will be rejected. This does not require any code change on Lightning.
security.cert-allowed-cn
Signed-off-by: kennytm kennytm@gmail.com
What have you changed? (mandatory)
Check the TLS cert CN in all gRPC service APIs.
What are the type of the changes? (mandatory)
How has this PR been tested? (mandatory)
N/A
Does this PR affect TiDB Lightning? (mandatory)
gRPC connections from Lightning with wrong CN will be rejected. This does not require any code change on Lightning.
Refer to a related PR or issue link (optional)
Benchmark result if necessary (optional)
Add a few positive/negative examples (optional)
Release notes
security.cert-allowed-cn
option, to specify a list of TLS common names (CN) allowed to connect.