*: pin go1.20

build/image/base

@@ -17,13 +17,13 @@ FROM hub.pingcap.net/jenkins/centos7_jenkins
 USER root
 WORKDIR /root
 
-ENV GOLANG_VERSION 1.19.5
+ENV GOLANG_VERSION 1.20.1
 ENV GOLANG_DOWNLOAD_URL https://dl.google.com/go/go$GOLANG_VERSION.linux-amd64.tar.gz
-ENV GOLANG_DOWNLOAD_SHA256 36519702ae2fd573c9869461990ae550c8c0d955cd28d2827a6b159fda81ff95
+ENV GOLANG_DOWNLOAD_SHA256 000a5b1fca4f75895f78befeb2eecf10bfff3c428597f3f1e69133b63b911b02
 ENV GOPATH /go
 ENV GOROOT /usr/local/go
 ENV PATH $GOPATH/bin:$GOROOT/bin:$PATH
-ADD https://github.com/bazelbuild/bazel/releases/download/5.3.2/bazel-5.3.2-linux-x86_64 /usr/bin/bazel
+ADD https://github.com/bazelbuild/bazel/releases/download/6.0.0/bazel-6.0.0-linux-x86_64 /usr/bin/bazel
 ADD https://uploader.codecov.io/latest/linux/codecov /usr/bin/codecov
 RUN curl https://setup.ius.io | sh || true && \
     chmod u+x /usr/bin/bazel && yum update -y && \

build/image/centos7_jenkins

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM hub.pingcap.net/wangweizhen/base_image:go11920230111
+FROM hub.pingcap.net/wangweizhen/base_image:go12020230220
 USER root
 WORKDIR /root
 COPY .ci_bazel /data/bazel

go.mod

@@ -1,6 +1,6 @@
 module github.com/pingcap/tidb
 
-go 1.19
+go 1.20
 
 require (
 	cloud.google.com/go/storage v1.27.0

server/tidb_serial_test.go

@@ -16,6 +16,7 @@ package server
 
 import (
 	"context"
+	"crypto/tls"
 	"crypto/x509"
 	"os"
 	"path/filepath"
@@ -33,6 +34,26 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+// isTLSExpiredError checks error is caused by TLS expired.
+func isTLSExpiredError(err error) bool {
+	err = errors.Cause(err)
+	switch inval := err.(type) {
+	case x509.CertificateInvalidError:
+		if inval.Reason != x509.Expired {
+			return false
+		}
+	case *tls.CertificateVerificationError:
+		invalid, ok := inval.Err.(x509.CertificateInvalidError)
+		if !ok || invalid.Reason != x509.Expired {
+			return false
+		}
+		return true
+	default:
+		return false
+	}
+	return true
+}
+
 // this test will change `kv.TxnTotalSizeLimit` which may affect other test suites,
 // so we must make it running in serial.
 func TestLoadData1(t *testing.T) {
@@ -210,7 +231,6 @@ func TestTLSBasic(t *testing.T) {
 }
 
 func TestTLSVerify(t *testing.T) {
-	t.Skip("remove skip after upgrading go1.20.1")
 	ts := createTidbTestSuite(t)
 
 	dir := t.TempDir()
@@ -264,9 +284,9 @@ func TestTLSVerify(t *testing.T) {
 	require.NoError(t, err)
 	cli.runTestRegression(t, connOverrider, "TLSRegression")
 
-	require.False(t, util.IsTLSExpiredError(errors.New("unknown test")))
-	require.False(t, util.IsTLSExpiredError(x509.CertificateInvalidError{Reason: x509.CANotAuthorizedForThisName}))
-	require.True(t, util.IsTLSExpiredError(x509.CertificateInvalidError{Reason: x509.Expired}))
+	require.False(t, isTLSExpiredError(errors.New("unknown test")))
+	require.False(t, isTLSExpiredError(x509.CertificateInvalidError{Reason: x509.CANotAuthorizedForThisName}))
+	require.True(t, isTLSExpiredError(x509.CertificateInvalidError{Reason: x509.Expired}))
 
 	_, _, err = util.LoadTLSCertificates("", "wrong key", "wrong cert", true, 528)
 	require.Error(t, err)
@@ -456,7 +476,6 @@ func TestDefaultCharacterAndCollation(t *testing.T) {
 }
 
 func TestReloadTLS(t *testing.T) {
-	t.Skip("remove skip after upgrading go1.20.1")
 	ts := createTidbTestSuite(t)
 
 	// Generate valid TLS certificates.
@@ -555,6 +574,6 @@ func TestReloadTLS(t *testing.T) {
 	}
 	err = cli.runTestTLSConnection(t, connOverrider)
 	require.NotNil(t, err)
-	require.Truef(t, util.IsTLSExpiredError(err), "real error is %+v", err)
+	require.Truef(t, isTLSExpiredError(err), "real error is %+v", err)
 	server.Close()
 }

util/misc.go

@@ -551,27 +551,6 @@ func LoadTLSCertificates(ca, key, cert string, autoTLS bool, rsaKeySize int) (tl
 	return
 }
 
-// IsTLSExpiredError checks error is caused by TLS expired.
-func IsTLSExpiredError(err error) bool {
-	err = errors.Cause(err)
-	switch inval := err.(type) {
-	case x509.CertificateInvalidError:
-		if inval.Reason != x509.Expired {
-			return false
-		}
-		// TODO: remove it after upgrading 1.20
-		// case *tls.CertificateVerificationError:
-		// 	invali, ok := inval.Err.(x509.CertificateInvalidError)
-		// 	if !ok || invali.Reason != x509.Expired {
-		// 		return false
-		// 	}
-		// 	return true
-	default:
-		return false
-	}
-	return true
-}
-
 var (
 	internalClientInit sync.Once
 	internalHTTPClient *http.Client