Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-48

SSL Validation for Self Signed Certificates

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 1.1.2
    • 1.1.3
    • None

    Description

      Currently the MariaDB Java Client JDBC driver has two validation modes for server certificates. It can either use:
      1) The default JVM key store. This is the default option.
      2) It can accept all remote certificates without validation. This is done by setting the "trustServerCertificate" property to a non-null value.

      When using self-signed certificates for the server neither of these is acceptable. Option #1 will not validate as the certificate is not signed by a trusted certificate authority. Option #2 is inherently insecure and is susceptible to a man in the middle attack.

      The JDBC driver should allow users to validate the server against a predefined server certificate.

      Attachments

        Activity

          People

            wlad Vladislav Vaintroub
            sehrope Sehrope Sarkuni
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.