duanli0687
duanli0687
2019-05-06 09:39

如何在Go中建立基于SSL的与Memsql的TCP连接

已采纳

I'm trying to setup an ssl based tcp connection to memsql using Go.

The application/services are running as openshift pods and written in Go.

  1. Can I have one-way authentication to memsql from the service?
  2. Do I need to enable any port in memsql to listen for tls based ssl connection?
  3. Apart from updating the DSN in my service to tls=true, what can be the alternative to customise this configuration.
  4. Can someone suggest an efficient way to connect to memsql with ssl enabled?

I've followed the memsql documentation and inserted the certificates to memsql master and aggregator, as well as made the permission check enabled, but still I'm able to get into the memsql without giving the rootCertificate in the login.

Currently the connection is established by following code:

db, err := sql.Open("mysql", DSN) and
DSN=root:@tcp(IPAddress:3306)/riodev?interpolateParams=true&parseTime=true
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dongshun1884 dongshun1884 2年前
    1. Can you clarify what your question is? The SSL authentication is one-way, the client verifies the server. The server verifies the client via their login information.

    2. No, MemSQL uses the same port for SSL and non-SSL connections.

    3. You may also need to configure the SSL certificate, as described in https://github.com/go-sql-driver/mysql#tls.

    4. Most client libraries support connecting with SSL.

    I've followed the memsql documentation and inserted the certificates to memsql master and aggregator, as well as made the permission check enabled, but still I'm able to get into the memsql without giving the rootCertificate in the login.

    Is it possible the connection is already using SSL? It may be using SSL-preferred mode without verifying the certificate.

    点赞 评论 复制链接分享