Skip to content

lightning: when tidb.tls config set to "false", TLSConfig didn't change, and db cannot connect #53001

New issue
New issue
Closed
#53140
Closed
lightning: when tidb.tls config set to "false", TLSConfig didn't change, and db cannot connect#53001
#53140
Assignees
lance6716
Labels
affects-5.4This bug affects the 5.4.x(LTS) versions.affects-6.1This bug affects the 6.1.x(LTS) versions.affects-6.5This bug affects the 6.5.x(LTS) versions.affects-7.1This bug affects the 7.1.x(LTS) versions.affects-7.5This bug affects the 7.5.x(LTS) versions.affects-8.1This bug affects the 8.1.x(LTS) versions.component/lightningThis issue is related to Lightning of TiDB.severity/majortype/bugThe issue is confirmed as a bug.
@AkiraXie

Description

@AkiraXie
AkiraXie
opened on Apr 30, 2024

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

  1. set lightning.toml security
    image

  2. set lightning config toml [tidb.tls] to "false"
    image

  3. tidb cluster open cluster tls but no client tls

2. What did you expect to see? (Required)

  1. db connect ok

3. What did you see instead (Required)

  1. tidb lightning encountered error: [Lightning:DB:ErrDBConnect]failed to connect database: TLS requested but server does not support TLS
  2. some code shows that tlsconfig won't change

    tidb/pkg/lightning/config/config.go

    Lines 177 to 200 in c60f97d

    if d.Security == nil {
    d.Security = s
    }
    switch d.TLS {
    case "skip-verify", "preferred":
    if d.Security.TLSConfig == nil {
    /* #nosec G402 */
    d.Security.TLSConfig = &tls.Config{
    MinVersion: tls.VersionTLS12,
    InsecureSkipVerify: true,
    NextProtos: []string{"h2", "http/1.1"}, // specify `h2` to let Go use HTTP/2.
    }
    d.Security.AllowFallbackToPlaintext = true
    }
    case "cluster":
    if len(s.CAPath) == 0 {
    return common.ErrInvalidConfig.GenWithStack("cannot set `tidb.tls` to 'cluster' without a [security] section")
    }
    case "", "false":
    d.TLS = "false"
    default:
    return common.ErrInvalidConfig.GenWithStack("unsupported `tidb.tls` config %s", d.TLS)
    }

4. What is your TiDB version? (Required)

master

Metadata

Metadata

Assignees

Labels

affects-5.4This bug affects the 5.4.x(LTS) versions.affects-6.1This bug affects the 6.1.x(LTS) versions.affects-6.5This bug affects the 6.5.x(LTS) versions.affects-7.1This bug affects the 7.1.x(LTS) versions.affects-7.5This bug affects the 7.5.x(LTS) versions.affects-8.1This bug affects the 8.1.x(LTS) versions.component/lightningThis issue is related to Lightning of TiDB.severity/majortype/bugThe issue is confirmed as a bug.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions