Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-1105

TLS certificate validation without needs to provide certificate client side

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 3.4.0
    • configuration
    • None

    Description

      In order to have SSL connections, there was 3 solutions:

      • Have server certificats generated with trusted node.js Certificate Authorities (CA) in java default truststore, like

        jdbc:mariadb://host/db?sslMode=verify-full
        

      • Configure connector with server certificate like:

        jdbc:mariadb://host/db?sslMode=verify-full&serverSslCert=...`

      • disable certificate ssl verification (not secured!) like:

        jdbc:mariadb://host/db?sslMode=trust`

      Since MariaDB 11.4.1 and MDEV-31855, connector doesn't need to have server certificate anymore, permitting simple configuration like even for certificate without CA present in truststore. more info on see https://mariadb.org/mission-impossible-zero-configuration-ssl/

      This permit easier client configuration but have a few limitations:

      • user must use a password
      • authentication use must be either mysql_native_password / client_ed25519

      Attachments

        Issue Links

          Activity

            People

              diego dupin Diego Dupin
              diego dupin Diego Dupin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.