Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

pmm-admin --tls-skip-verify does not work when x509 authentication is used

Description

Steps to reproduce:

01) Create MySQL user as:

02) Have autogenerated, self-signed certificates that does not contain any SAN IPs or valid common name, and client certificates (the default that MySQL generates can be used).

03) Try to register the service as

04) The same connection from the MySQL client works fine:

 

When client certificates are used PMM registers custom TLS config:

(https://github.com/percona/pmm/blob/main/agent/tlshelpers/mysql.go#L39-L41)

It implicitly assumes that tls.Config’s InsecureSkipVerify is not enabled.

 

Minimal test to reproduce:

Sample run:

How to test

See “steps to reproduce”.

How to document

None

AFFECTED CS IDs

CS0043286 CS0043486

Smart Checklist

hide

Activity

Show:

saikumar.vs May 28, 2024 at 9:22 AM

verified pls refer testcase section for details.

Done

Details

Assignee

Reporter

Priority

Components

Labels

Needs QA

Yes

Needs Doc

No

Planned Version/s

Fix versions

Story Points

Affects versions

Smart Checklist Progress

Smart Checklist

Created January 30, 2024 at 11:40 AM
Updated August 8, 2024 at 5:01 AM
Resolved June 12, 2024 at 7:57 AM