[MDEV-10246] ssl-* have no effect without mysql_ssl_set() - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.1.14
Fix Version/s: 5.5.61, 10.0.36, 10.1.34
Component/s: Scripts & Clients
Labels:
- upstream-fixed

Description

Preamble.

mysql cli was known for "ignoring" --ssl option on its own. If someone needed to enable SSL on client side they had to specify any other ssl option, e. g. --ssl-cipher=AES128-SHA. This was fixed in MariaDB, I guess by mysql_ssl_set() setting use_ssl = TRUE unconditionally. Thus we now can use mysql --ssl with MariaDB (and maybe with latest MySQL).

Recently I discovered another difference in behavior of MariaDB's and MySQL's libmysqlclient:

If I don't call mysql_ssl_set(), but have SSL options in the configuration file, SSL gets enabled with MySQL's, but does not with MariaDB's. It feels like use_ssl = TRUE should be executed in one more place.

E. i. let's have this file:

[foo]

host = example.com

ssl-cipher=AES128-SHA

And do

mysql_init(NULL);

mysql_option(...); // Set option file and group

mysql_real_connect(/* all NULLs */);

// SSL enabled with MySQL's, disabled with MariaDB's

I'd expect SSL enabled if any SSL option is set.

Attachments

Issue Links

causes

MDEV-16396 Perl's DBD::MySQL does not read SSL settings from [client] configuration group with MariaDB libmysqlclient.so

Closed

is caused by

MDEV-7937 Enforce SSL when --ssl client option is used

Closed

relates to

CONC-340 ssl-* options in config have no effect without calling mysql_ssl_set()

Closed

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Igor Pashev

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2016-06-17 08:08

Updated:: 2018-06-07 23:02

Resolved:: 2018-06-06 18:31

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.