octoleo/gh-ost
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Wireup allowing insecure ssl

Browse Source
This commit is contained in:
Brandon Bodnar 2019-02-04 16:21:25 -06:00
parent 79df0d1c5d
commit 5b0dfb009c
3 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
go/base/context.go
View File

@ -100,7 +100,7 @@ type MigrationContext struct {
CliUser string
CliPassword string
UseTLS bool
TLSInsecureSkipVerify bool
TLSAllowInsecure bool
TLSCACertificate string
CliMasterUser string
CliMasterPassword string
@ -700,7 +700,7 @@ func (this *MigrationContext) ApplyCredentials() {
func (this *MigrationContext) SetupTLS() error {
if this.UseTLS {
return this.InspectorConnectionConfig.UseTLS(this.TLSCACertificate)
return this.InspectorConnectionConfig.UseTLS(this.TLSCACertificate, this.TLSAllowInsecure)
}
return nil
}

6
go/cmd/gh-ost/main.go
View File

@ -57,7 +57,7 @@ func main() {
flag.BoolVar(&migrationContext.UseTLS, "ssl", false, "Enable SSL encrypted connections to MySQL hosts")
flag.StringVar(&migrationContext.TLSCACertificate, "ssl-ca", "", "CA certificate in PEM format for TLS connections to MySQL hosts. Requires --ssl")
flag.StringVar(&migrationContext.TLSInsecureSkipVerify, "ssl-insecure", false, "Do not verify that the TLS connection is secure. Requires --ssl")
flag.BoolVar(&migrationContext.TLSAllowInsecure, "ssl-allow-insecure", false, "Skips verification of MySQL hosts' certificate chain and host name. Requires --ssl")
flag.StringVar(&migrationContext.DatabaseName, "database", "", "database name (mandatory)")
flag.StringVar(&migrationContext.OriginalTableName, "table", "", "table name (mandatory)")
@ -202,8 +202,8 @@ func main() {
if migrationContext.TLSCACertificate != "" && !migrationContext.UseTLS {
log.Fatalf("--ssl-ca requires --ssl")
}
if migrationContext.TLSInsecureSkipVerify && !migrationContext.UseTLS {
log.Fatalf("--ssl-insecure requires --ssl")
if migrationContext.TLSAllowInsecure && !migrationContext.UseTLS {
log.Fatalf("--ssl-allow-insecure requires --ssl")
}
if *replicationLagQuery != "" {
log.Warningf("--replication-lag-query is deprecated")

6
go/mysql/connection.go
View File

@ -57,11 +57,11 @@ func (this *ConnectionConfig) Equals(other *ConnectionConfig) bool {
return this.Key.Equals(&other.Key) || this.ImpliedKey.Equals(other.ImpliedKey)
}
func (this *ConnectionConfig) UseTLS(caCertificatePath string) error {
func (this *ConnectionConfig) UseTLS(caCertificatePath string, allowInsecure bool) error {
var rootCertPool *x509.CertPool
var err error
if !this.TLSInsecureSkipVerify {
if !allowInsecure {
if caCertificatePath == "" {
rootCertPool, err = x509.SystemCertPool()
if err != nil {
@ -81,7 +81,7 @@ func (this *ConnectionConfig) UseTLS(caCertificatePath string) error {
this.tlsConfig = &tls.Config{
RootCAs: rootCertPool,
InsecureSkipVerify: this.TLSInsecureSkipVerify,
InsecureSkipVerify: allowInsecure,
}
return mysql.RegisterTLSConfig(this.Key.StringCode(), this.tlsConfig)