zhixinwen commented on PR #3061: URL: https://github.com/apache/kvrocks/pull/3061#issuecomment-3098698895
> Yeah but it is skipped via `T.skip` due to some historical reason. Hence I thought that maybe we can do a manual test to ensure it is not broken because of these changes. Verified manually the TLS replication would work. Master config: ``` # Master configuration with TLS port 6666 tls-port 6667 tls-cert-file tests/gocase/tls/cert/server.crt tls-key-file tests/gocase/tls/cert/server.key tls-ca-cert-file tests/gocase/tls/cert/ca.crt tls-auth-clients no tls-protocols "TLSv1.2" tls-ciphers DEFAULT dir /tmp/kvrocks-master-data ``` Replica config: ``` # Slave configuration with TLS port 6668 tls-port 6669 tls-cert-file tests/gocase/tls/cert/server.crt tls-key-file tests/gocase/tls/cert/server.key tls-ca-cert-file tests/gocase/tls/cert/ca.crt tls-auth-clients no tls-protocols "TLSv1.2" tls-ciphers DEFAULT # Enable TLS for replication tls-replication yes # Master connection (using TLS port) slaveof 127.0.0.1 6667 dir /tmp/kvrocks-slave-data ``` port 6667 can only be accessed with tls: ``` coder@zwen-dev:~/kvrocks$ /usr/bin/redis-cli --tls -p 6667 --cacert tests/gocase/tls/cert/ca.crt PING PONG coder@zwen-dev:~/kvrocks$ /usr/bin/redis-cli -p 6667 PING Error: Connection reset by peer ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
