Wireup allowing insecure ssl
parent
79df0d1c5d
commit
5b0dfb009c
@ -94,16 +94,16 @@ type MigrationContext struct {
|
||||
AliyunRDS bool
|
||||
GoogleCloudPlatform bool
|
||||
|
||||
config ContextConfig
|
||||
configMutex *sync.Mutex
|
||||
ConfigFile string
|
||||
CliUser string
|
||||
CliPassword string
|
||||
UseTLS bool
|
||||
TLSInsecureSkipVerify bool
|
||||
TLSCACertificate string
|
||||
CliMasterUser string
|
||||
CliMasterPassword string
|
||||
config ContextConfig
|
||||
configMutex *sync.Mutex
|
||||
ConfigFile string
|
||||
CliUser string
|
||||
CliPassword string
|
||||
UseTLS bool
|
||||
TLSAllowInsecure bool
|
||||
TLSCACertificate string
|
||||
CliMasterUser string
|
||||
CliMasterPassword string
|
||||
|
||||
HeartbeatIntervalMilliseconds int64
|
||||
defaultNumRetries int64
|
||||
@ -700,7 +700,7 @@ func (this *MigrationContext) ApplyCredentials() {
|
||||
|
||||
func (this *MigrationContext) SetupTLS() error {
|
||||
if this.UseTLS {
|
||||
return this.InspectorConnectionConfig.UseTLS(this.TLSCACertificate)
|
||||
return this.InspectorConnectionConfig.UseTLS(this.TLSCACertificate, this.TLSAllowInsecure)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -57,7 +57,7 @@ func main() {
|
||||
|
||||
flag.BoolVar(&migrationContext.UseTLS, "ssl", false, "Enable SSL encrypted connections to MySQL hosts")
|
||||
flag.StringVar(&migrationContext.TLSCACertificate, "ssl-ca", "", "CA certificate in PEM format for TLS connections to MySQL hosts. Requires --ssl")
|
||||
flag.StringVar(&migrationContext.TLSInsecureSkipVerify, "ssl-insecure", false, "Do not verify that the TLS connection is secure. Requires --ssl")
|
||||
flag.BoolVar(&migrationContext.TLSAllowInsecure, "ssl-allow-insecure", false, "Skips verification of MySQL hosts' certificate chain and host name. Requires --ssl")
|
||||
|
||||
flag.StringVar(&migrationContext.DatabaseName, "database", "", "database name (mandatory)")
|
||||
flag.StringVar(&migrationContext.OriginalTableName, "table", "", "table name (mandatory)")
|
||||
@ -202,8 +202,8 @@ func main() {
|
||||
if migrationContext.TLSCACertificate != "" && !migrationContext.UseTLS {
|
||||
log.Fatalf("--ssl-ca requires --ssl")
|
||||
}
|
||||
if migrationContext.TLSInsecureSkipVerify && !migrationContext.UseTLS {
|
||||
log.Fatalf("--ssl-insecure requires --ssl")
|
||||
if migrationContext.TLSAllowInsecure && !migrationContext.UseTLS {
|
||||
log.Fatalf("--ssl-allow-insecure requires --ssl")
|
||||
}
|
||||
if *replicationLagQuery != "" {
|
||||
log.Warningf("--replication-lag-query is deprecated")
|
||||
|
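Review bot: Nothing in the validation block rejects or warns about `--ssl-ca` being combined with `--ssl-allow-insecure`. In the `UseTLS` section of this commit the root pool is only built inside `if !allowInsecure`, so a supplied CA appears to be silently ignored, and an operator may believe the server certificate is still checked against it. Next to the two `requires --ssl` checks I would add `if migrationContext.TLSAllowInsecure && migrationContext.TLSCACertificate != "" { log.Fatalf("--ssl-ca cannot be combined with --ssl-allow-insecure") }`, or at least a `log.Warningf` with the same message. The help text for `ssl-allow-insecure` could also say plainly that the connection is then encrypted but the server is not authenticated. Both hunks sit inside `main()`, whose body starts and ends outside them.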
@ -57,11 +57,11 @@ func (this *ConnectionConfig) Equals(other *ConnectionConfig) bool {
|
||||
return this.Key.Equals(&other.Key) || this.ImpliedKey.Equals(other.ImpliedKey)
|
||||
}
|
||||
|
||||
func (this *ConnectionConfig) UseTLS(caCertificatePath string) error {
|
||||
func (this *ConnectionConfig) UseTLS(caCertificatePath string, allowInsecure bool) error {
|
||||
var rootCertPool *x509.CertPool
|
||||
var err error
|
||||
|
||||
if !this.TLSInsecureSkipVerify {
|
||||
if !allowInsecure {
|
||||
if caCertificatePath == "" {
|
||||
rootCertPool, err = x509.SystemCertPool()
|
||||
if err != nil {
|
||||
@ -81,7 +81,7 @@ func (this *ConnectionConfig) UseTLS(caCertificatePath string) error {
|
||||
|
||||
this.tlsConfig = &tls.Config{
|
||||
RootCAs: rootCertPool,
|
||||
InsecureSkipVerify: this.TLSInsecureSkipVerify,
|
||||
InsecureSkipVerify: allowInsecure,
|
||||
}
|
||||
|
||||
return mysql.RegisterTLSConfig(this.Key.StringCode(), this.tlsConfig)
|
||||
|
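Review bot: `UseTLS` is exported and has no doc comment, and the new `allowInsecure` parameter changes its contract in a way the signature does not show. When it is true, the visible lines never populate `rootCertPool` and `InsecureSkipVerify` turns off both chain and host-name verification. I would add above the signature `// UseTLS registers a TLS config for this connection. When allowInsecure is true the server certificate and host name are not verified and caCertificatePath is ignored.` The part of the body that loads the CA file lies between the two hunks and is not shown, so the "ignored" wording should be confirmed against it.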