(t *testing.T)
| 560 | } |
| 561 | |
| 562 | func TestStatusAPIWithTLSCNCheck(t *testing.T) { |
| 563 | ts := servertestkit.CreateTidbTestSuite(t) |
| 564 | |
| 565 | dir := t.TempDir() |
| 566 | |
| 567 | caPath := filepath.Join(dir, "ca-cert-cn.pem") |
| 568 | serverKeyPath := filepath.Join(dir, "server-key-cn.pem") |
| 569 | serverCertPath := filepath.Join(dir, "server-cert-cn.pem") |
| 570 | client1KeyPath := filepath.Join(dir, "client-key-cn-check-a.pem") |
| 571 | client1CertPath := filepath.Join(dir, "client-cert-cn-check-a.pem") |
| 572 | client2KeyPath := filepath.Join(dir, "client-key-cn-check-b.pem") |
| 573 | client2CertPath := filepath.Join(dir, "client-cert-cn-check-b.pem") |
| 574 | |
| 575 | caCert, caKey, err := generateCert(0, "TiDB CA CN CHECK", nil, nil, filepath.Join(dir, "ca-key-cn.pem"), caPath) |
| 576 | require.NoError(t, err) |
| 577 | _, _, err = generateCert(1, "tidb-server-cn-check", caCert, caKey, serverKeyPath, serverCertPath) |
| 578 | require.NoError(t, err) |
| 579 | _, _, err = generateCert(2, "tidb-client-cn-check-a", caCert, caKey, client1KeyPath, client1CertPath, func(c *x509.Certificate) { |
| 580 | c.Subject.CommonName = "tidb-client-1" |
| 581 | }) |
| 582 | require.NoError(t, err) |
| 583 | _, _, err = generateCert(3, "tidb-client-cn-check-b", caCert, caKey, client2KeyPath, client2CertPath, func(c *x509.Certificate) { |
| 584 | c.Subject.CommonName = "tidb-client-2" |
| 585 | }) |
| 586 | require.NoError(t, err) |
| 587 | |
| 588 | cli := testserverclient.NewTestServerClient() |
| 589 | cli.StatusScheme = "https" |
| 590 | cfg := util2.NewTestConfig() |
| 591 | cfg.Port = cli.Port |
| 592 | cfg.Status.StatusPort = cli.StatusPort |
| 593 | cfg.Security.ClusterSSLCA = caPath |
| 594 | cfg.Security.ClusterSSLCert = serverCertPath |
| 595 | cfg.Security.ClusterSSLKey = serverKeyPath |
| 596 | cfg.Security.ClusterVerifyCN = []string{"tidb-client-2"} |
| 597 | tidbserver.RunInGoTestChan = make(chan struct{}) |
| 598 | server, err := tidbserver.NewServer(cfg, ts.Tidbdrv) |
| 599 | require.NoError(t, err) |
| 600 | |
| 601 | go func() { |
| 602 | err := server.Run(nil) |
| 603 | require.NoError(t, err) |
| 604 | }() |
| 605 | <-tidbserver.RunInGoTestChan |
| 606 | cli.Port = testutil.GetPortFromTCPAddr(server.ListenAddr()) |
| 607 | cli.StatusPort = testutil.GetPortFromTCPAddr(server.StatusListenerAddr()) |
| 608 | defer server.Close() |
| 609 | time.Sleep(time.Millisecond * 100) |
| 610 | |
| 611 | hc := newTLSHttpClient(t, caPath, |
| 612 | client1CertPath, |
| 613 | client1KeyPath, |
| 614 | ) |
| 615 | //nolint:bodyclose |
| 616 | _, err = hc.Get(cli.StatusURL("/status")) |
| 617 | require.Error(t, err) |
| 618 | |
| 619 | hc = newTLSHttpClient(t, caPath, |