Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-747

Unset tls_verification flag if environment variable MARIADB_TLS_DISABLE_PEER_VERIFICATION is set

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 3.4.3
    • 3.4.4
    • TLS/SSL
    • None

    Description

      In commit 39f2e12f9a6640eb82f1974dcd0ab2bc296c1403 a new environment variable MARIADB_TLS_DISABLE_PEER_VERIFICATION was introduced, which skips the peer certification during TLS handshake.

      Instead of skipping the verification during handshake, we need to set tls_allow_invalid_server_certificate option during initialization of the connection handle.

      This will allow clients which don't have an option to enable/disable TLS peer server certification to connect even without TLS/SSL (see also https://stackoverflow.com/questions/79242494/ssl-is-required-but-the-server-does-not-support-it-rails-with-mariadb)

      Attachments

        Activity

          There are no comments yet on this issue.

          People

            georg Georg Richter
            georg Georg Richter
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.