-
Notifications
You must be signed in to change notification settings - Fork 11.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
postgres: tls-mode verify-ca
does not work correctly (behaves like verify-full
)
#65816
Comments
I think this is a ticket for the @grafana/grafana-bi-squad, as it’s a PostgreSQL datasource |
Well we just ran into this same type of issue upgrading to Concourse 7.9.1, and after debugging more we think the problem is due to the upgrade of |
Hi, the same issue appears now when updating grafana from 10.1.5 to 10.2.0. Please look into it. Thanks! |
Thanks for letting us know @tomcastro89. I'm going to reopen this issue. |
verify-ca
does not work correctly (behaves like verify-full
)
fixed in #81353 |
unfortunately we had to revert the fix, has problems in certain corner-cases, so i'll reopen this one too. we'll adjust our fix and do it again. |
re-opening since #83892 fixes when postgres is used as database backend not as a data source |
We also fixed it for the Postgres datasource in #83768 |
fixed again in #85530 ( we had to roll back the previous fix) |
summary by @gabor : the postgres TLS mode
verify-ca
does not work correctly, and behaves the same asverify-full
. to reproduce: try this scenario: https://github.com/grafana/oss-big-tent-tools/tree/main/tls-setups/postgres#verify-server-cert-ignore-host . it should work, but it does not.What happened:
Grafana Versions >= 9.4.0 cause the following issues in Panels that use an PostgreSQL (AWS RDS) as Datasource and
the following TLS settings:
Issues
Settings
Host: "insert AWS RDS Postgres Host route53"
Database: "insert DB name"
User+Password
TLS/SSL Mode: verify-ca
TLS/SSL Method: Certificate content
TLS/SSL Root Certificate: "insert official aws rds certificate"
PostgreSQL details
Version: 11
One(the first) certificate out of the official AWS RDS root certificates eu-central-1 bundle is used:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
eu-central-1-bundle.pem
What you expected to happen:
The panels should work in the same way they do in Grafana v9.3.8
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
The text was updated successfully, but these errors were encountered: