You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@doris.apache.org by "Xiaoccer (via GitHub)" <gi...@apache.org> on 2023/04/10 14:40:48 UTC

[GitHub] [doris] Xiaoccer opened a new pull request, #18530: [enhancement](mysql) enable two-way ssl authentication

Xiaoccer opened a new pull request, #18530:
URL: https://github.com/apache/doris/pull/18530

   # Proposed changes
   
   Issue Number: close #xxx
   
   ## Problem summary
   
   Describe your changes.
   
   According to the [mysql-ssl](https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-files-using-openssl.html), enable two-way SSL authentication.
   
   ## Checklist(Required)
   
   * [ ] Does it affect the original behavior
   * [ ] Has unit tests been added
   * [x] Has document been added or modified
   * [ ] Does it need to update dependencies
   * [x] Is this PR support rollback (If NO, please explain WHY)
   
   ## Further comments
   
   If this is a relatively large or complex change, kick off the discussion at [dev@doris.apache.org](mailto:dev@doris.apache.org) by explaining why you chose the solution you did and what alternatives you considered, etc...
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] Xiaoccer commented on pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "Xiaoccer (via GitHub)" <gi...@apache.org>.

Xiaoccer commented on PR #18530:
URL: https://github.com/apache/doris/pull/18530#issuecomment-1508068930

   run buildall


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] Xiaoccer commented on a diff in pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "Xiaoccer (via GitHub)" <gi...@apache.org>.

Xiaoccer commented on code in PR #18530:
URL: https://github.com/apache/doris/pull/18530#discussion_r1171057909


##########
conf/mysql_ssl_default_certificate/client_certificate/client-cert.pem:
##########
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmsCAQEwDQYJKoZIhvcNAQELBQAwgYYxCzAJBgNVBAYTAkNOMRAwDgYD
+VQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdCZWlqaW5nMQ4wDAYDVQQKDAVEb3JpczEO
+MAwGA1UECwwFRG9yaXMxDjAMBgNVBAMMBURvcmlzMSMwIQYJKoZIhvcNAQkBFhRk
+ZXZAZG9yaXMuYXBhY2hlLm9yZzAeFw0yMzA0MTAxMDQ1MjBaFw0zMzAyMTYxMDQ1
+MjBaMIGHMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwH
+QmVpamluZzEOMAwGA1UECgwFRG9yaXMxDjAMBgNVBAsMBURvcmlzMQ8wDQYDVQQD
+DAZDbGllbnQxIzAhBgkqhkiG9w0BCQEWFGRldkBkb3Jpcy5hcGFjaGUub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWZoLynFbkTTXry3rRoOT0yI
++VWE8Qs/cdKshT8ecNrWgkoMbBtGEoPahtC+BuMfyHsdNSx6Iyyxgee2f41Mqhfv
+c9ssZFbq93NPE7rbb8v+LoZkibp5ErM4vtDmKcBp4ZEsWMRxauXYipyvdyGCbswD
+M/Hd0PPFubpEoqg/8qjIz/TbQIXbJ2FYkKFv8Z3RYvy0GP5ZVpTm4zcYB6RAzr6z
++qbA3Li/0UjUVSdhzsoDWn5lOfX6Dp7yAuiocSMpMk65A/pwwRPSJ9u/gPP2LVsJ
+L5uBogk29Hj5QBwRGePz0hJnDR3C4Lb786zHWk0QmHvVxQJq+DIbY8vlMhv6DwID
+AQABMA0GCSqGSIb3DQEBCwUAA4IBAQCgi2pRKqWiZv6Xlpn4Viv/N+G9J+0/IUnd
+YWvhmF4yzBb4R4FjyxiKG9d79o6JhhJ1ts5fmNk/idS0sBoj8FOkj53KAbw6pHBQ
+bO3f+UYWLvx8I8F5iycAseA5GTid2cOU8s/gY34rhvey2PGzR+hxfDDGbpRxXFKw
+X4zOKCYK8qAR9dDc8MOJyAs30NXn6vxiQSNijJe7+0J91NbAOHw/NeaIS673exqs
+K7nPiAe7tPwZOY5LsZxzrosTIsUryheM8S+S0Sqess+zkKMV1xbCbyk2eMbhdfyL
+5xLGv7HxnIEoJyRKQ4q0wk9GteLdvlSAKJ1cTe/n8NOf36cXZj/s
+-----END CERTIFICATE-----

Review Comment:
   There is a README written that these certificates cannot be used in the production environment, only for testing



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] Xiaoccer commented on pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "Xiaoccer (via GitHub)" <gi...@apache.org>.

Xiaoccer commented on PR #18530:
URL: https://github.com/apache/doris/pull/18530#issuecomment-1504498980

   run buildall


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] Xiaoccer commented on pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "Xiaoccer (via GitHub)" <gi...@apache.org>.

Xiaoccer commented on PR #18530:
URL: https://github.com/apache/doris/pull/18530#issuecomment-1510908216

   run buildall


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] gavinchou commented on a diff in pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "gavinchou (via GitHub)" <gi...@apache.org>.

gavinchou commented on code in PR #18530:
URL: https://github.com/apache/doris/pull/18530#discussion_r1161810754


##########
regression-test/ssl_default_certificate/server-req.pem:
##########


Review Comment:
   Keep files that are needed by the client only.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] Xiaoccer commented on pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "Xiaoccer (via GitHub)" <gi...@apache.org>.

Xiaoccer commented on PR #18530:
URL: https://github.com/apache/doris/pull/18530#issuecomment-1502625627

   run buildall


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] gavinchou commented on pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "gavinchou (via GitHub)" <gi...@apache.org>.

gavinchou commented on PR #18530:
URL: https://github.com/apache/doris/pull/18530#issuecomment-1502612743

   LGTM


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] gavinchou commented on a diff in pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "gavinchou (via GitHub)" <gi...@apache.org>.

gavinchou commented on code in PR #18530:
URL: https://github.com/apache/doris/pull/18530#discussion_r1161804691


##########
conf/mysql_ssl_default_certificate/ca-key.pem:
##########
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----

Review Comment:
   Consider putting a script to generate all these certificates instead.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] gavinchou commented on a diff in pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "gavinchou (via GitHub)" <gi...@apache.org>.

gavinchou commented on code in PR #18530:
URL: https://github.com/apache/doris/pull/18530#discussion_r1161811047


##########
conf/mysql_ssl_default_certificate/ca-key.pem:
##########


Review Comment:
   Keep files that are needed by the server only.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] gavinchou commented on pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "gavinchou (via GitHub)" <gi...@apache.org>.

gavinchou commented on PR #18530:
URL: https://github.com/apache/doris/pull/18530#issuecomment-1510803163

   LGTM


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] morningman merged pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "morningman (via GitHub)" <gi...@apache.org>.

morningman merged PR #18530:
URL: https://github.com/apache/doris/pull/18530


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] morningman commented on pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "morningman (via GitHub)" <gi...@apache.org>.

morningman commented on PR #18530:
URL: https://github.com/apache/doris/pull/18530#issuecomment-1503660653

   you need to add following files to `.licenserc.yaml` to pass the license check
   
   ```
   conf/mysql_ssl_default_certificate/client_certificate/ca.pem
   conf/mysql_ssl_default_certificate/client_certificate/client-cert.pem
   conf/mysql_ssl_default_certificate/client_certificate/client-key.pem
   regression-test/ssl_default_certificate/ca.pem
   regression-test/ssl_default_certificate/client-cert.pem
   regression-test/ssl_default_certificate/client-key.pem 
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [doris] CalvinKirs commented on a diff in pull request #18530: [enhancement](mysql) enable two-way ssl authentication

Posted by "CalvinKirs (via GitHub)" <gi...@apache.org>.

CalvinKirs commented on code in PR #18530:
URL: https://github.com/apache/doris/pull/18530#discussion_r1171051958


##########
conf/mysql_ssl_default_certificate/client_certificate/client-cert.pem:
##########
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmsCAQEwDQYJKoZIhvcNAQELBQAwgYYxCzAJBgNVBAYTAkNOMRAwDgYD
+VQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdCZWlqaW5nMQ4wDAYDVQQKDAVEb3JpczEO
+MAwGA1UECwwFRG9yaXMxDjAMBgNVBAMMBURvcmlzMSMwIQYJKoZIhvcNAQkBFhRk
+ZXZAZG9yaXMuYXBhY2hlLm9yZzAeFw0yMzA0MTAxMDQ1MjBaFw0zMzAyMTYxMDQ1
+MjBaMIGHMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwH
+QmVpamluZzEOMAwGA1UECgwFRG9yaXMxDjAMBgNVBAsMBURvcmlzMQ8wDQYDVQQD
+DAZDbGllbnQxIzAhBgkqhkiG9w0BCQEWFGRldkBkb3Jpcy5hcGFjaGUub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWZoLynFbkTTXry3rRoOT0yI
++VWE8Qs/cdKshT8ecNrWgkoMbBtGEoPahtC+BuMfyHsdNSx6Iyyxgee2f41Mqhfv
+c9ssZFbq93NPE7rbb8v+LoZkibp5ErM4vtDmKcBp4ZEsWMRxauXYipyvdyGCbswD
+M/Hd0PPFubpEoqg/8qjIz/TbQIXbJ2FYkKFv8Z3RYvy0GP5ZVpTm4zcYB6RAzr6z
++qbA3Li/0UjUVSdhzsoDWn5lOfX6Dp7yAuiocSMpMk65A/pwwRPSJ9u/gPP2LVsJ
+L5uBogk29Hj5QBwRGePz0hJnDR3C4Lb786zHWk0QmHvVxQJq+DIbY8vlMhv6DwID
+AQABMA0GCSqGSIb3DQEBCwUAA4IBAQCgi2pRKqWiZv6Xlpn4Viv/N+G9J+0/IUnd
+YWvhmF4yzBb4R4FjyxiKG9d79o6JhhJ1ts5fmNk/idS0sBoj8FOkj53KAbw6pHBQ
+bO3f+UYWLvx8I8F5iycAseA5GTid2cOU8s/gY34rhvey2PGzR+hxfDDGbpRxXFKw
+X4zOKCYK8qAR9dDc8MOJyAs30NXn6vxiQSNijJe7+0J91NbAOHw/NeaIS673exqs
+K7nPiAe7tPwZOY5LsZxzrosTIsUryheM8S+S0Sqess+zkKMV1xbCbyk2eMbhdfyL
+5xLGv7HxnIEoJyRKQ4q0wk9GteLdvlSAKJ1cTe/n8NOf36cXZj/s
+-----END CERTIFICATE-----

Review Comment:
   There is no reason for us to provide this.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org