pmm-admin --tls-skip-verify does not work when x509 authentication is used
General
Escalation
General
Escalation
Description
Steps to reproduce:
01) Create MySQL user as:
02) Have autogenerated, self-signed certificates that does not contain any SAN IPs or valid common name, and client certificates (the default that MySQL generates can be used).
03) Try to register the service as
04) The same connection from the MySQL client works fine:
When client certificates are used PMM registers custom TLS config:
Steps to reproduce:
01) Create MySQL user as:
02) Have autogenerated, self-signed certificates that does not contain any SAN IPs or valid common name, and client certificates (the default that MySQL generates can be used).
03) Try to register the service as
04) The same connection from the MySQL client works fine:
When client certificates are used PMM registers custom TLS config:
(https://github.com/percona/pmm/blob/main/agent/tlshelpers/mysql.go#L39-L41)
It implicitly assumes that
tls.Config
’sInsecureSkipVerify
is not enabled.Minimal test to reproduce:
Sample run: