Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10246

ssl-* have no effect without mysql_ssl_set()

    Details

      Description

      Preamble.

      mysql cli was known for "ignoring" --ssl option on its own. If someone needed to enable SSL on client side they had to specify any other ssl option, e. g. --ssl-cipher=AES128-SHA. This was fixed in MariaDB, I guess by mysql_ssl_set() setting use_ssl = TRUE unconditionally. Thus we now can use mysql --ssl with MariaDB (and maybe with latest MySQL).

      Recently I discovered another difference in behavior of MariaDB's and MySQL's libmysqlclient:

      If I don't call mysql_ssl_set(), but have SSL options in the configuration file, SSL gets enabled with MySQL's, but does not with MariaDB's. It feels like use_ssl = TRUE should be executed in one more place.

      E. i. let's have this file:

      [foo]
      host = example.com
      ssl-cipher=AES128-SHA
      

      And do

      mysql_init(NULL);
      mysql_option(...); // Set option file and group
      mysql_real_connect(/* all NULLs */);
      // SSL enabled with MySQL's, disabled with MariaDB's
      

      I'd expect SSL enabled if any SSL option is set.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                wlad Vladislav Vaintroub
                Reporter:
                ip1981 Igor Pashev
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: