Details
-
Task
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Support for TLS SNI (“Server Name Indication”) in MariaDB would be a boon. OpenSSL and other TLS libraries make it pretty straightforward to do … would MariaDB consider adding support for this?
Preferably, please be flexible as to how to specify the logic for fetching the certificate for a given domain name.
Attachments
Issue Links
- relates to
-
MDEV-28906 MySQL 8.0 desired compatibility
-
- Open
-
ISTM an ideal SNI implementation can accommodate arbitrarily many domain names without making the server preload a certificate for each domain. Yet more ideally, allow server admins to specify custom lookup logic for each domain name—e.g., via a script.
The Pure-FTPd project has a protocol for SNI support that could be useful here:
https://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS
Maybe have a global variable `tls_sni_method` that can accept values: