Fix handling of MySQL TLS flags (#689)

Incorrect handling of the flags prevented users from setting up TLS
connections to the MySQL server.

Fixes #320
Zach Wasserman 2021-04-28 08:31:19 -07:00 committed by GitHub
parent a8ce68f56a
commit 2bdc39390a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -155,7 +155,8 @@ func New(config config.MysqlConfig, c clock.Clock, opts ...DBOption) (*Datastore
config.Password = strings.TrimSpace(string(fileContents))
}
if config.TLSConfig != "" {
if config.TLSCA != "" {
config.TLSConfig = "custom"
err := registerTLS(config)
if err != nil {
return nil, errors.Wrap(err, "register TLS config for mysql")
@ -346,15 +347,18 @@ func registerTLS(config config.MysqlConfig) error {
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
return errors.New("failed to append PEM.")
}
clientCert := make([]tls.Certificate, 0, 1)
certs, err := tls.LoadX509KeyPair(config.TLSCert, config.TLSKey)
if err != nil {
return errors.Wrap(err, "load mysql client cert and key")
}
clientCert = append(clientCert, certs)
cfg := tls.Config{
RootCAs: rootCertPool,
Certificates: clientCert,
RootCAs: rootCertPool,
}
if config.TLSCert != "" {
clientCert := make([]tls.Certificate, 0, 1)
certs, err := tls.LoadX509KeyPair(config.TLSCert, config.TLSKey)
if err != nil {
return errors.Wrap(err, "load mysql client cert and key")
}
clientCert = append(clientCert, certs)
cfg.Certificates = clientCert
}
if config.TLSServerName != "" {
cfg.ServerName = config.TLSServerName
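Review bot: In the first hunk registerTLS now runs only when `config.TLSCA` is set, so a configuration that supplies `TLSCert`/`TLSKey` without a CA never reaches the client-certificate loading added in the second hunk, and the key pair is dropped without any error; what the connection then falls back to depends on code outside these hunks, presumably whatever `TLSConfig` already held. I would reject that combination in New before the `TLSCA` check, e.g. `if config.TLSCA == "" && (config.TLSCert != "" || config.TLSKey != "") { return nil, errors.New("mysql TLS client cert/key configured without a CA") }`. Likewise in registerTLS the new `if config.TLSCert != ""` guard ignores a `TLSKey` given on its own; testing `config.TLSCert != "" || config.TLSKey != ""` would let LoadX509KeyPair report the missing half. It may also be worth pinning `MinVersion: tls.VersionTLS12` in the `tls.Config` literal rather than relying on the toolchain default. Both function bodies start and end outside the hunks shown.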