目前我开启Doris服务开启了SSL认证后,并且使用了“ssl_force_client_auth = true”参数。
经过测试发现mysql命令行工具连接doris服务时必须使用ssl认证携带证书的方式,但是当我使用dbeaver连接Doris服务时,不论是否使用SSL证书,均可以连接Doris服务。
[root@hw01 client_certificate]$ mysql -h hw01 -P 30006 -u root -p'xxxxxxxxxxxx'
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
[root@hw01 client_certificate]$
[root@hw01 client_certificate]$
[root@hw01 client_certificate]$ mysql -h hw01 -P 30006 -u root -p'xxxxxxxxxxxx' --ssl-mode=VERIFY_CA --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 44
Server version: 5.7.99 Doris version simpp-2.1.0-ds2.1.7-443e87e
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
该图片为测试不使用SSL认证连接Doris服务
该图片为测试使用SSL认证连接Doris服务
