Validate CommonName attribute for TLS certificate #2209
Labels
type/enhancement
The issue or PR belongs to an enhancement.
Comments
tennix
changed the title
This was referenced Mar 9, 2020
|
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request
Describe your feature request related problem:
Currently, any TLS certificates issued by the same CA can access TiDB cluster component. This is insecure as the same CA issued certificates are pretty common.
Describe the feature you'd like:
Allow PD add TLS certificate CN validation, this is the issue in TiKV and TiDB tikv/tikv#6982 pingcap/tidb#15137
Describe alternatives you've considered:
Teachability, Documentation, Adoption, Migration Strategy:
Etcd 3.3.0 supports the same feature https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md#notes-for-tls-authentication
The text was updated successfully, but these errors were encountered: