Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-48

SSL Validation for Self Signed Certificates

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.2
    • Fix Version/s: 1.1.3
    • Component/s: None
    • Labels:

      Description

      Currently the MariaDB Java Client JDBC driver has two validation modes for server certificates. It can either use:
      1) The default JVM key store. This is the default option.
      2) It can accept all remote certificates without validation. This is done by setting the "trustServerCertificate" property to a non-null value.

      When using self-signed certificates for the server neither of these is acceptable. Option #1 will not validate as the certificate is not signed by a trusted certificate authority. Option #2 is inherently insecure and is susceptible to a man in the middle attack.

      The JDBC driver should allow users to validate the server against a predefined server certificate.

        Attachments

          Activity

            People

            Assignee:
            wlad Vladislav Vaintroub
            Reporter:
            sehrope Sehrope Sarkuni
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: