
Registered TLS config cannot be reused between servers #536

Closed
@jfhamlin

Issue description

Follow these steps:

  1. Create an x509.CertPool and add a CA cert valid for two mysql servers (A and B).
  2. Register a TLS config using this cert pool as the root CAs: mysql.RegisterTLSConfig("custom", &tls.Config{ RootCAs: rootCertPool })
  3. Open a connection to a mysql server at hostname A with tls=custom.
  4. Open a connection to a mysql server at hostname B with tls=custom.

Expected: The connection to server B succeeds.
Actual: The connection to server B fails with error: x509: certificate is valid for A, not B

See https://github.com/go-sql-driver/mysql/blob/master/dsn.go#L513 for the root cause. The registered config is mutated by the first connection (to A), and thereafter it can only be used to connect to A.

Configuration

Driver version (or git SHA): 2e00b5c

Go version: 1.7.1

Server version: MySQL 5.7

Server OS: Ubuntu 15.10
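
A minimal model of the failure mode reported in this issue, added here as an illustration and not taken from the driver's source: a registry hands out the same `*tls.Config` pointer, the first connection fills in `ServerName`, and the second host is then verified against the wrong name. The names `registry`, `sharedConfig`, `clonedConfig` and `demo` and the hosts `a.example` and `b.example` are constructed for this example; copying the config per connection with `Clone()` (Go 1.8 or later) is one possible remedy, shown as an assumption.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
)

// registry is a hypothetical stand-in for a driver's table of named TLS configs.
var registry = map[string]*tls.Config{}

// sharedConfig models the behaviour reported in the issue: the registered
// pointer is handed out and its empty ServerName is filled in place.
func sharedConfig(name, addr string) *tls.Config {
	c := registry[name]
	if host, _, err := net.SplitHostPort(addr); err == nil && c.ServerName == "" {
		c.ServerName = host // persists in the registry for every later caller
	}
	return c
}

// clonedConfig copies the registered config per connection, so the
// ServerName chosen for one server never reaches the next connection.
func clonedConfig(name, addr string) *tls.Config {
	c := registry[name].Clone()
	if host, _, err := net.SplitHostPort(addr); err == nil && c.ServerName == "" {
		c.ServerName = host
	}
	return c
}

// demo connects to A and then B under each strategy and returns the
// ServerName that B's certificate would be verified against.
func demo() (shared, cloned string) {
	registry["shared"] = &tls.Config{} // constructed sample configs
	registry["cloned"] = &tls.Config{}
	sharedConfig("shared", "a.example:3306")
	clonedConfig("cloned", "a.example:3306")
	return sharedConfig("shared", "b.example:3306").ServerName,
		clonedConfig("cloned", "b.example:3306").ServerName
}

func main() {
	s, c := demo()
	fmt.Printf("shared: B verified as %q\ncloned: B verified as %q\n", s, c)
}
```

With the shared pointer, the connection to B is checked against A's hostname, which produces the `x509` error quoted above; the cloned variant keeps hostname verification enabled for both servers.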
