Validate CommonName attribute for TLS certificate #524

tennix · 2020-03-09T00:12:05Z

Feature Request

Is your feature request related to a problem? Please describe:

If we follow current TLS in TiDB cluster, any TLS certificates issued by the same CA can access TiDB cluster component. This is insecure as the same CA issued certificates are pretty common.

Describe the feature you'd like:

Allow DM add TLS certificate CN validation, this is the issue in PD, TiKV and TiDB tikv/pd#2209 tikv/tikv#6982 pingcap/tidb#15137

Describe alternatives you've considered:

Teachability, Documentation, Adoption, Migration Strategy:

WangXiangUSTC · 2020-07-23T07:14:00Z

finish in #569

tennix added the type/feature-request This issue is a feature request label Mar 9, 2020

WangXiangUSTC self-assigned this Mar 11, 2020

WangXiangUSTC mentioned this issue Mar 11, 2020

pkg: refine tls && update tidb version pingcap/tidb-tools#323

Merged

WangXiangUSTC mentioned this issue Mar 22, 2020

.*: support TLS #569

Merged

WangXiangUSTC closed this as completed Jul 23, 2020

lance6716 mentioned this issue Sep 1, 2021

openapi: add source releated API #2055

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate CommonName attribute for TLS certificate #524

Validate CommonName attribute for TLS certificate #524

tennix commented Mar 9, 2020 •

edited by kennytm

Loading

WangXiangUSTC commented Jul 23, 2020

Validate CommonName attribute for TLS certificate #524

Validate CommonName attribute for TLS certificate #524

Comments

tennix commented Mar 9, 2020 • edited by kennytm Loading

Feature Request

WangXiangUSTC commented Jul 23, 2020

tennix commented Mar 9, 2020 •

edited by kennytm

Loading