Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-7937

Enforce SSL when --ssl client option is used

        Details

        • Type: Task
        • Status: Closed
        • Priority: Critical
        • Resolution: Fixed
        • Fix Version/s: 5.5.44
        • Component/s: SSL
        • Labels:
        • Sprint:
          5.5.44

          Description

            Gliffy Diagrams

              Attachments

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                serg Sergei Golubchik added a comment -

                as discussed in emails, let's keep --ssl as is and fix CLIENT_SSL_VERIFY_SERVER_CERT instead.

                Show
                serg Sergei Golubchik added a comment - as discussed in emails, let's keep --ssl as is and fix CLIENT_SSL_VERIFY_SERVER_CERT instead.
                Hide
                Permalink
                serg Sergei Golubchik added a comment -

                Another option would be to make CLIENT_SSL_VERIFY_SERVER_CERT enabled by default and make --ssl to be required if CLIENT_SSL_VERIFY_SERVER_CERT is enabled and optional if it is disabled. This might be easier to use than the previous suggestion.

                Either way, the point is — without certificate checks the --ssl option doesn't guarantee anything, so requiring SSL that way does not make a lot of sense.

                Show
                serg Sergei Golubchik added a comment - Another option would be to make CLIENT_SSL_VERIFY_SERVER_CERT enabled by default and make --ssl to be required if CLIENT_SSL_VERIFY_SERVER_CERT is enabled and optional if it is disabled. This might be easier to use than the previous suggestion. Either way, the point is — without certificate checks the --ssl option doesn't guarantee anything, so requiring SSL that way does not make a lot of sense.
                Hide
                Permalink
                serg Sergei Golubchik added a comment -

                ok to push with tests

                Show
                serg Sergei Golubchik added a comment - ok to push with tests
                Hide
                Permalink
                cvicentiu Vicentiu Ciorbaru added a comment -

                Fixed with:
                https://github.com/MariaDB/server/compare/56e2d8318bf3...be5035b4f4e4

                Show
                cvicentiu Vicentiu Ciorbaru added a comment - Fixed with: https://github.com/MariaDB/server/compare/56e2d8318bf3...be5035b4f4e4

                  People

                  • Assignee:
                    cvicentiu Vicentiu Ciorbaru
                    Reporter:
                    nirbhay_c Nirbhay Choubey
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    7 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Agile