Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Postgres-cdc: self-signed cert cannot pass the SSL/TLS validation #16316

Closed
StrikeW opened this issue Apr 16, 2024 · 2 comments
Closed

Postgres-cdc: self-signed cert cannot pass the SSL/TLS validation #16316

StrikeW opened this issue Apr 16, 2024 · 2 comments
Assignees
@StrikeW
Labels
type/bug Something isn't working
Milestone
release-1.9

Comments

@StrikeW
Copy link
Contributor

StrikeW commented Apr 16, 2024
edited
Loading

Describe the bug

See the log

Error message/log

Executor error: Connector error: Postgres error: error performing TLS handshake: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:: unable to get local issuer certificate: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:;

To Reproduce

No response

Expected behavior

For require or prefer ssl.mode, we can skip the verification for self-signed cert.

How did you deploy RisingWave?

No response

The version of RisingWave

No response

Additional context

#15690
@StrikeW StrikeW added the type/bug Something isn't working label Apr 16, 2024
@StrikeW StrikeW self-assigned this Apr 16, 2024
@github-actions github-actions bot added this to the release-1.9 milestone Apr 16, 2024
@StrikeW StrikeW mentioned this issue Apr 16, 2024
Merged
9 tasks
@hzxa21
Copy link
Collaborator

hzxa21 commented Apr 17, 2024

#16319 adopts this approach: "For require or prefer ssl.mode, we can skip the verification for self-signed cert."

@hzxa21 hzxa21 closed this as completed Apr 17, 2024
@StrikeW
Copy link
Contributor Author

StrikeW commented Apr 17, 2024
edited
Loading

#16319 adopts this approach: "For require or prefer ssl.mode, we can skip the verification for self-signed cert."

nit: For require or prefer ssl.mode, we don't verify the peer certificate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@StrikeW StrikeW

Labels
type/bug Something isn't working
Projects
None yet
Milestone
release-1.9
Development

No branches or pull requests
2 participants
@hzxa21 @StrikeW