Registered TLS config cannot be reused between servers #536


Closed
jfhamlin opened this issue Jan 7, 2017 · 1 comment
jfhamlin commented Jan 7, 2017

Issue description

Follow these steps:

  1. Create an x509.CertPool and add a CA cert valid for two mysql servers (A and B).
  2. Register a TLS config using this cert pool as the root CAs: mysql.RegisterTLSConfig("custom", &tls.Config{ RootCAs: rootCertPool })
  3. Open a connection to a mysql server at hostname A with tls=custom.
  4. Open a connection to a mysql server at hostname B with tls=custom.

Expected: The connection to server B succeeds.
Actual: The connection to server B fails with error: x509: certificate is valid for A, not B

See https://github.com/go-sql-driver/mysql/blob/master/dsn.go#L513 for the root cause. The registered config is mutated by the first connection (to A), and thereafter it can only be used to connect to A.

Configuration

Driver version (or git SHA): 2e00b5c

Go version: 1.7.1

Server version: MySQL 5.7

Server OS: Ubuntu 15.10
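
Added example, not part of the original issue and not the driver's own code: a minimal Go model of the behaviour reported above, next to a variant that clones the registered config for each connection. The `registry` map, the helper functions and the host names are hypothetical, and filling in `ServerName` on first use is an assumption about what the mutation consists of, inferred from the reported error.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// registry is a hypothetical stand-in for a driver's table of named TLS configs.
var registry = map[string]*tls.Config{}

// configShared models the reported behaviour: the registered pointer is handed
// out as-is and ServerName is filled in by whichever connection uses it first.
func configShared(name, host string) *tls.Config {
	cfg := registry[name]
	if cfg.ServerName == "" {
		cfg.ServerName = host // mutates the registered config for every later caller
	}
	return cfg
}

// configCloned gives each connection its own copy, so the name used for
// certificate verification is always the host actually being dialed.
func configCloned(name, host string) *tls.Config {
	cfg := registry[name].Clone()
	if cfg.ServerName == "" {
		cfg.ServerName = host
	}
	return cfg
}

// serverNames registers a fresh "custom" config and returns the ServerName
// each connection in hosts would verify the server certificate against.
func serverNames(get func(name, host string) *tls.Config, hosts ...string) []string {
	registry["custom"] = &tls.Config{} // RootCAs omitted; only ServerName matters here
	var out []string
	for _, h := range hosts {
		out = append(out, get("custom", h).ServerName)
	}
	return out
}

func main() {
	// Constructed host names standing in for servers A and B.
	fmt.Println("shared:", serverNames(configShared, "a.db.example", "b.db.example"))
	fmt.Println("cloned:", serverNames(configCloned, "a.db.example", "b.db.example"))
}
```

With the shared pointer, the second connection verifies B's certificate against A's name and fails; with the clone, host name verification stays enabled and correct for each server, so there is no need to work around the error by disabling verification.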

@jfhamlin jfhamlin changed the title Registered TLS config cannot be reused between servers. Registered TLS config cannot be reused between servers Jan 7, 2017

jfhamlin commented Jan 7, 2017
