[CONJ-1105] TLS certificate validation without needs to provide certificate client side - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.4.0
Component/s: configuration
Labels:
None

Description

In order to have SSL connections, there was 3 solutions:

Have server certificats generated with trusted node.js Certificate Authorities (CA) in java default truststore, like
jdbc:mariadb://host/db?sslMode=verify-full

Configure connector with server certificate like:

jdbc:mariadb://host/db?sslMode=verify-full&serverSslCert=...`

disable certificate ssl verification (not secured!) like:
jdbc:mariadb://host/db?sslMode=trust`

Since MariaDB 11.4.1 and ~~MDEV-31855~~, connector doesn't need to have server certificate anymore, permitting simple configuration like even for certificate without CA present in truststore. more info on see https://mariadb.org/mission-impossible-zero-configuration-ssl/

This permit easier client configuration but have a few limitations:

user must use a password
authentication use must be either mysql_native_password / client_ed25519

Attachments

Issue Links

relates to

MDEV-31855 validate ssl certificates using client password

Closed

Activity

People

Assignee:: Diego Dupin

Reporter:: Diego Dupin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-08-30 16:23

Updated:: 2024-03-14 14:12

Resolved:: 2024-03-12 15:24

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.