Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14091

Support for passphrase protected keys

    XMLWordPrintable

Details

    • 10.3.3-1

    Description

      When using a password-protected key, MariaDB server can not start because the server waits for a key to be entered:

      Enter PEM pass phrase:

      Since this doesn't work if server is started as a service or as background process, an additional option --ssl-passphrase should be implemented (as in Connector/C).

      Update, 17 Feb 2025

      We take OpenSSL approach, where --passin/passout parameters to the command line tool can specify a file ("file:" prefix), environment variable ("env:" prefix) , clear-text password("pass:" prefix)

      Note, that if ssl_passphrase is reevaluated on FLUSH SSL. That means for file-based passphrase (ssl_passphrase=file:/path/to/pass.txt), that the file will be re-read during FLUSH SSL.

      Attachments

        Issue Links

          blocks

          New Feature - A new feature of the product, which has yet to be developed. MXS-4102 Support for passphrase protected certificate keys

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. MDEV-17290 Mechanism for encrypting ssl_key

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              wlad Vladislav Vaintroub
              georg Georg Richter
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.