Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-360

Support equivalent of ssl_mode=VERIFY_CA / disableSslHostnameVerification

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Won't Fix
    • None
    • N/A
    • TLS/SSL
    • None

    Description

      Currently it seems both CA verification and hostname verification are guarded being the ssl_verify_server_cert option, so an application cannot verify the CA independently of hostname verification.

      So this is a feature request to be able to disable hostname verification while still being able to perform peer certificate verification. This is akin to ssl_mode=VERIFY_CA or perhaps the MariaDB connector/j's disableSslHostnameVerification option. In some environments the subject names on a certificate are not terribly interesting, but we would like the client to verify the server's certificate against some provided CA which seems impossible today when using the MariaDB Connector/C.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-28634 Client's --ssl-* options (without --ssl-verify-server-cert) are silently ignored if TLS is not possible

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link mysqlclient-python issue #439 would use it if available

          Activity

            People

              georg Georg Richter
              andrew.garner Andrew Garner
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.