Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10246

ssl-* have no effect without mysql_ssl_set()

    XMLWordPrintable

    Details

      Description

      Preamble.

      mysql cli was known for "ignoring" --ssl option on its own. If someone needed to enable SSL on client side they had to specify any other ssl option, e. g. --ssl-cipher=AES128-SHA. This was fixed in MariaDB, I guess by mysql_ssl_set() setting use_ssl = TRUE unconditionally. Thus we now can use mysql --ssl with MariaDB (and maybe with latest MySQL).

      Recently I discovered another difference in behavior of MariaDB's and MySQL's libmysqlclient:

      If I don't call mysql_ssl_set(), but have SSL options in the configuration file, SSL gets enabled with MySQL's, but does not with MariaDB's. It feels like use_ssl = TRUE should be executed in one more place.

      E. i. let's have this file:

      [foo]
      host = example.com
      ssl-cipher=AES128-SHA
      

      And do

      mysql_init(NULL);
      mysql_option(...); // Set option file and group
      mysql_real_connect(/* all NULLs */);
      // SSL enabled with MySQL's, disabled with MariaDB's
      

      I'd expect SSL enabled if any SSL option is set.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              wlad Vladislav Vaintroub
              Reporter:
              ip1981 Igor Pashev
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: