Description:
In the doc https://etcd.io/docs/v3.5/op-guide/security/ we can see that when we use TLS without --client-cert-auth, etcd should accept incoming connections with cacert for gRPC and just work for HTTPS (I checked it, it's working).
But in this case we can't use --trusted-ca-file. When you turn off --trusted-ca-file, this functionality works.
I found that in client/pkg/transport/listener.go you have the following block:
Can you change || to &&? In my mind it will help to support TLS without mTLS for clients with --trusted-ca-file, or is it not a bug and we should use mTLS with --trusted-ca-file?
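An added illustration of the behaviour the question describes; it is not part of the original post and not etcd's code. It assumes the condition in question decides whether the server demands a client certificate, and `clientAuthPolicy`, `requireBoth` and `certlessClientAccepted` are hypothetical names. It runs Go's standard `crypto/tls` server under each policy and checks whether a client with no certificate is served.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientAuthPolicy is a hypothetical stand-in for the decision discussed above.
// requireBoth=false models "||": either setting alone demands a client cert.
// requireBoth=true models "&&": a trusted CA alone does not demand one.
func clientAuthPolicy(trustedCAFile string, clientCertAuth, requireBoth bool) tls.ClientAuthType {
	caSet := trustedCAFile != ""
	required := caSet || clientCertAuth
	if requireBoth {
		required = caSet && clientCertAuth
	}
	if required {
		return tls.RequireAndVerifyClientCert
	}
	return tls.NoClientCert
}

// certlessClientAccepted starts a throwaway HTTPS server with the given policy
// and reports whether a client that presents no certificate gets a 200 response.
func certlessClientAccepted(policy tls.ClientAuthType) bool {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	// Empty pool: constructed for the demo; the client sends no cert at all.
	srv.TLS = &tls.Config{ClientAuth: policy, ClientCAs: x509.NewCertPool()}
	srv.StartTLS()
	defer srv.Close()
	resp, err := srv.Client().Get(srv.URL) // client trusts the server cert only
	if err != nil {
		return false // TLS layer rejected the certificate-less client
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK
}

func main() {
	for _, requireBoth := range []bool{false, true} {
		p := clientAuthPolicy("ca.crt", false, requireBoth) // constructed input
		fmt.Printf("requireBoth=%v policy=%v certless client accepted=%v\n",
			requireBoth, p, certlessClientAccepted(p))
	}
}
```
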