[MCOL-3542] Add option to not verify an SSL certificate - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4.0
Fix Version/s: 5.6.1
Component/s: None
Labels:
None

Epic Link:
ColumnStore S3 Improvements
Sprint:
2021-5, 2021-6, 2021-7

Description

Low hanging fruit.

We gave the 1.2.5 + S3 package to Patrice @ ABS (iirc?) to play with. It is not working for him b/c the S3 boxes he's using (some on-prem WD boxes that impl S3 protocol) have SSL certs that can't be verified.

Using the libmarias3 lib directly and setting S3NOVERIFY=1, he can interact with it. SM doesn't currently have the option to do that, but should have one. Just needs to know to init the S3 lib with that var or not, don't have to implement anything substantial.

Attachments

Activity

Ascending order - Click to sort in descending order

Patrick LeBlanc (Inactive) created issue - 2019-10-03 20:13

Patrick LeBlanc (Inactive) made changes - 2019-10-03 20:15

Field	Original Value	New Value
Description	Low hanging fruit. We gave the 1.2.5 + S3 package to Patrice @ ABS (iirc?) to play with. It is not working for him b/c the S3 boxes he's using (some on-prem WD boxes that impl S3 protocol) have SSL certs that can't be verified. Using the libmarias3 lib directly and setting S3NOVERIFY=1, he can interact with it. SM doesn't currently have the option to do that, but should have one. Just needs to know to init the S3 lib with that var or not, don't have to implement anyway substantial.	Low hanging fruit. We gave the 1.2.5 + S3 package to Patrice @ ABS (iirc?) to play with. It is not working for him b/c the S3 boxes he's using (some on-prem WD boxes that impl S3 protocol) have SSL certs that can't be verified. Using the libmarias3 lib directly and setting S3NOVERIFY=1, he can interact with it. SM doesn't currently have the option to do that, but should have one. Just needs to know to init the S3 lib with that var or not, don't have to implement anything substantial.

patrice added a comment - 2019-10-03 20:43

the problem is not that the SSL cert can't be verified, it is the url construction that makes it not verifiable. constructing the url in the same way it is when using an IP would make it work. for reference : http://www.wryway.com/blog/aws-s3-url-styles/

patrice added a comment - 2019-10-03 20:43 the problem is not that the SSL cert can't be verified, it is the url construction that makes it not verifiable. constructing the url in the same way it is when using an IP would make it work. for reference : http://www.wryway.com/blog/aws-s3-url-styles/

Todd Stoffel (Inactive) made changes - 2021-03-29 20:13

Assignee

Ben Thompson [ ben.thompson ]

Todd Stoffel (Inactive) made changes - 2021-03-29 20:13

Fix Version/s

5.6.1 [ 25031 ]

Ben Thompson (Inactive) added a comment - 2021-03-29 20:31

Change should be made to storagemanager.cnf to support setting these option in libmarias3 via StorageManager
SM_USE_HTTP (default disabled – current default is https)
SM_SSL_VERIFY (default enabled)

Ben Thompson (Inactive) added a comment - 2021-03-29 20:31 Change should be made to storagemanager.cnf to support setting these option in libmarias3 via StorageManager SM_USE_HTTP (default disabled – current default is https) SM_SSL_VERIFY (default enabled)

Gregory Dorman (Inactive) made changes - 2021-03-29 21:39

Parent	~~MCOL-3449~~ [ 78397 ]
Issue Type	Sub-Task [ 10000 ]	Task [ 3 ]

Gregory Dorman (Inactive) made changes - 2021-03-29 21:39

Epic Link

~~MCOL-3548~~ [ 79545 ]

Gregory Dorman (Inactive) made changes - 2021-03-29 21:42

Sprint

2021-5 [ 504 ]

Gregory Dorman (Inactive) made changes - 2021-03-29 21:42

Rank

Ranked higher

Todd Stoffel (Inactive) made changes - 2021-03-31 01:22

Rank

Ranked lower

Ben Thompson (Inactive) made changes - 2021-03-31 17:53

Status

Open [ 1 ]

In Progress [ 3 ]

Ben Thompson (Inactive) added a comment - 2021-04-02 17:34

cnf file options added:

Setting use_http to 'enabled' for host to use http instead of https
The default is use_http = disabled (https)
use_http = enabled

Setting ssl_verify to 'disabled' for how to not use SSL verification
Default is ssl_verify = enabled
ssl_verify = disabled

Ben Thompson (Inactive) added a comment - 2021-04-02 17:34 cnf file options added: Setting use_http to 'enabled' for host to use http instead of https The default is use_http = disabled (https) use_http = enabled Setting ssl_verify to 'disabled' for how to not use SSL verification Default is ssl_verify = enabled ssl_verify = disabled

Ben Thompson (Inactive) made changes - 2021-04-02 17:35

Assignee	Ben Thompson [ ben.thompson ]	David Hall [ david.hall ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

David Hall (Inactive) made changes - 2021-04-05 14:14

Status

In Review [ 10002 ]

In Testing [ 10301 ]

David Hall (Inactive) made changes - 2021-04-05 14:14

Assignee

David Hall [ david.hall ]

Daniel Lee [ dleeyh ]

Gregory Dorman (Inactive) made changes - 2021-04-05 16:04

Sprint

2021-5 [ 504 ]

2021-5, 2021-6 [ 504, 509 ]

Daniel Lee (Inactive) made changes - 2021-04-09 13:55

Assignee

Daniel Lee [ dleeyh ]

Ben Thompson [ ben.thompson ]

Gregory Dorman (Inactive) made changes - 2021-04-19 16:04

Sprint

2021-5, 2021-6 [ 504, 509 ]

2021-5, 2021-6, 2021-7 [ 504, 509, 514 ]

Gregory Dorman (Inactive) made changes - 2021-05-04 20:29

Resolution		Fixed [ 1 ]
Status	In Testing [ 10301 ]	Closed [ 6 ]

People

Assignee:: Ben Thompson (Inactive)

Reporter:: Patrick LeBlanc (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2019-10-03 20:13

Updated:: 2021-05-04 20:29

Resolved:: 2021-05-04 20:29

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB ColumnStore

Details

Description

Attachments

Activity

People

Dates

Git Integration