Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
2.5.1
-
None
-
Linux CentOS 7.7
-
MXS-SPRINT-113
Description
WIth MariaDB MaxScale configured for TLS for REST like this:
[maxscale]
|
admin_ssl_key=/usr/local/certs/server-key.pem |
admin_ssl_cert=/usr/local/certs/server-cert.pem |
admin_ssl_ca_cert=/usr/local/certs/ca-cert.pem |
Then you get odd errors when trying to connect using client keys:
$ maxctrl --secure --tls-key=/home/anders/src/blogs/maxscalessl/client-key.pem --tls-cert=/home/anders/src/blogs/maxscalessl/client-cert.pem --tls-ca-cert=/home/anders/src/blogs/maxscalessl/ca-cert.pem list servers |
TypeError: Converting circular structure to JSON
|
at JSON.stringify (<anonymous>)
|
at /snapshot/maxctrl/lib/common.js:0:0 |
at process._tickCallback (internal/process/next_tick.js:68:7) |
Using --tls-verify-server-cert=false makes this work though. And then only the ca-cert is necessary:
$ maxctrl --secure --tls-ca-cert=/home/anders/src/blogs/maxscalessl/ca-cert.pem list servers --tls-verify-server-cert=false |
┌─────────┬──────────────┬───────┬─────────────┬───────────────────────────────────────────┬────────────┐
|
│ Server │ Address │ Port │ Connections │ State │ GTID │
|
├─────────┼──────────────┼───────┼─────────────┼───────────────────────────────────────────┼────────────┤
|
│ server1 │ 192.168.0.11 │ 3306 │ 0 │ Master, Slave of External Server, Running │ 0-1-837377 │
|
├─────────┼──────────────┼───────┼─────────────┼───────────────────────────────────────────┼────────────┤
|
│ server2 │ 192.168.0.11 │ 10503 │ 0 │ Down │ │
|
└─────────┴──────────────┴───────┴─────────────┴───────────────────────────────────────────┴────────────┘
|
Including only the client certificate cause yet another strange error message:
$ maxctrl --secure --tls-cert=/home/anders/src/blogs/maxscalessl/client-cert.pem --tls-ca-cert=/home/anders/src/blogs/maxscalessl/ca-cert.pem list servers |
(node:5318) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'toString' of undefined |
at Request.getNewAgent (/snapshot/maxctrl/node_modules/request/request.js:656:63) |
at Request.init (/snapshot/maxctrl/node_modules/request/request.js:490:37) |
at Request.RP$initInterceptor [as init] (/snapshot/maxctrl/node_modules/request-promise-core/configure/request2.js:45:29) |
at new Request (/snapshot/maxctrl/node_modules/request/request.js:127:8) |
at request (/snapshot/maxctrl/node_modules/request/index.js:53:10) |
at module.exports.simpleRequest (/snapshot/maxctrl/lib/common.js:0:0) |
at module.exports.doAsyncRequest (/snapshot/maxctrl/lib/common.js:0:0) |
at module.exports.getJson (/snapshot/maxctrl/lib/common.js:0:0) |
at /snapshot/maxctrl/lib/list.js:0:0 |
at /snapshot/maxctrl/lib/common.js:0:0 |
(node:5318) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1) |
(node:5318) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code. |