Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-48

SSL Validation for Self Signed Certificates

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.2
    • Fix Version/s: 1.1.3
    • Component/s: None
    • Labels:

      Description

      Currently the MariaDB Java Client JDBC driver has two validation modes for server certificates. It can either use:
      1) The default JVM key store. This is the default option.
      2) It can accept all remote certificates without validation. This is done by setting the "trustServerCertificate" property to a non-null value.

      When using self-signed certificates for the server neither of these is acceptable. Option #1 will not validate as the certificate is not signed by a trusted certificate authority. Option #2 is inherently insecure and is susceptible to a man in the middle attack.

      The JDBC driver should allow users to validate the server against a predefined server certificate.

        Attachments

          Activity

            People

            • Assignee:
              wlad Vladislav Vaintroub
              Reporter:
              sehrope Sehrope Sarkuni
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days
                2d