[CONJ-48] SSL Validation for Self Signed Certificates - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1.2
Fix Version/s: 1.1.3
Component/s: None
Labels:
- jdbc
- ssl

Description

Currently the MariaDB Java Client JDBC driver has two validation modes for server certificates. It can either use:
1) The default JVM key store. This is the default option.
2) It can accept all remote certificates without validation. This is done by setting the "trustServerCertificate" property to a non-null value.

When using self-signed certificates for the server neither of these is acceptable. Option #1 will not validate as the certificate is not signed by a trusted certificate authority. Option #2 is inherently insecure and is susceptible to a man in the middle attack.

The JDBC driver should allow users to validate the server against a predefined server certificate.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

mariadb-java-client.ssl-validation.patch
22 kB
2013-06-24 01:40

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Sehrope Sarkuni

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2013-06-24 01:35

Updated:: 2013-06-26 10:38

Resolved:: 2013-06-26 10:38

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.