From 2475c82a630a42ddf1dee115af3f2eaed9d6e7c7 Mon Sep 17 00:00:00 2001 From: ssongliu <73214554+ssongliu@users.noreply.github.com> Date: Wed, 21 Feb 2024 17:00:30 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=20Mysql=20=E8=BF=9C?= =?UTF-8?q?=E7=A8=8B=E6=95=B0=E6=8D=AE=E5=BA=93=E6=B7=BB=E5=8A=A0=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=20(#3939)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refs #3936 --- backend/utils/mysql/client/info.go | 26 ++++++++++++------- .../database/mysql/remote/operate/index.vue | 4 --- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/backend/utils/mysql/client/info.go b/backend/utils/mysql/client/info.go index 0c05951b6..b488d0cf4 100644 --- a/backend/utils/mysql/client/info.go +++ b/backend/utils/mysql/client/info.go @@ -5,6 +5,7 @@ import ( "crypto/x509" "errors" + "github.com/1Panel-dev/1Panel/backend/global" "github.com/go-sql-driver/mysql" ) @@ -124,22 +125,27 @@ func ConnWithSSL(ssl, skipVerify bool, clientKey, clientCert, rootCert string) ( if !ssl { return "", nil } - pool := x509.NewCertPool() + tlsConfig := &tls.Config{ + InsecureSkipVerify: skipVerify, + } if len(rootCert) != 0 { + pool := x509.NewCertPool() if ok := pool.AppendCertsFromPEM([]byte(rootCert)); !ok { + global.LOG.Error("append certs from pem failed") return "", errors.New("unable to append root cert to pool") } + tlsConfig.RootCAs = pool + tlsConfig.VerifyPeerCertificate = VerifyPeerCertFunc(pool) } - cert, err := tls.X509KeyPair([]byte(clientCert), []byte(clientKey)) - if err != nil { - return "", err + if len(clientCert) != 0 && len(clientKey) != 0 { + cert, err := tls.X509KeyPair([]byte(clientCert), []byte(clientKey)) + if err != nil { + return "", err + } + tlsConfig.Certificates = []tls.Certificate{cert} } - if err := mysql.RegisterTLSConfig("cloudsql", &tls.Config{ - RootCAs: pool, - Certificates: []tls.Certificate{cert}, - InsecureSkipVerify: skipVerify, - VerifyPeerCertificate: VerifyPeerCertFunc(pool), - }); err != nil { + if err := mysql.RegisterTLSConfig("cloudsql", tlsConfig); err != nil { + global.LOG.Errorf("register tls config failed, err: %v", err) return "", err } return "&tls=cloudsql", nil diff --git a/frontend/src/views/database/mysql/remote/operate/index.vue b/frontend/src/views/database/mysql/remote/operate/index.vue index 40ffff8b9..f2edcbc8e 100644 --- a/frontend/src/views/database/mysql/remote/operate/index.vue +++ b/frontend/src/views/database/mysql/remote/operate/index.vue @@ -176,10 +176,6 @@ const rules = reactive({ port: [Rules.port], username: [Rules.requiredInput], password: [Rules.requiredInput], - - clientKey: [Rules.requiredInput], - clientCert: [Rules.requiredInput], - rootCert: [Rules.requiredInput], }); type FormInstance = InstanceType;