arpitjain099 opened a new pull request, #64925:
URL: https://github.com/apache/doris/pull/64925
### What problem does this PR solve?
Issue Number: close #64570
Related PR: N/A
Problem Summary:
The Go SDK HTTP client (`pkg/load/util/http_client.go`) hardcodes
`InsecureSkipVerify: true` in its default TLS configuration. All SDK API calls,
including those carrying authentication credentials, skip TLS certificate
verification. This exposes Doris database credentials to man-in-the-middle
attacks on any Go SDK client connection (CWE-295).
The fix enables TLS verification by default (the Go standard library default
behavior) and adds a configurable `InsecureSkipVerify` field to `Config` for
environments that use self-signed certificates.
Since `InsecureSkipVerify` is a `bool`, its zero value is `false`, so
existing callers that don't set the field get the secure default without code
changes.
### Release note
Fixed a security issue in the Go SDK where TLS certificate verification was
disabled by default, exposing credentials to potential MITM attacks. TLS
verification is now enabled by default. Users who need to connect to Doris
clusters with self-signed certificates can set `InsecureSkipVerify: true` in
their `Config`.
### Check List (For Author)
- Test
- [ ] Regression test
- [ ] Unit Test
- [x] Manual test (add detailed scripts or steps below)
- Verified that the test in `http_client_test.go` still passes (it
uses `httptest.NewServer` which is plain HTTP, so TLS config is not exercised).
The `InsecureSkipVerify` field was also removed from the test helper since it
is not needed for the HTTP test server.
- [ ] No need to test or manual test. Explain why:
- [ ] This is a refactor/code format and no logic has been changed.
- [ ] Previous test can cover this change.
- [ ] No code files have been changed.
- [ ] Other reason
- Behavior changed:
- [x] Yes. TLS certificate verification is now enabled by default.
Clusters using self-signed certificates will need to set `InsecureSkipVerify:
true` in their SDK config to maintain the previous behavior.
- Does this need documentation?
- [x] Yes. The new `InsecureSkipVerify` config field should be
documented in the Go SDK README.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]