Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not a Bug
-
10.1.28
-
None
-
CentOS 7.2
Description
Folks,
Configuring a running MariaDB Cluster 10.1.28 with self-signed SSL certs with different CNs cause the SST break due to socat 1.7.3 which has extra certificate check introduced:
WSREP_SST: [INFO] Evaluating mbstream -c ${INFO_FILE} | socat -u stdio openssl-connect:192.168.50.15:4444,cert=/etc/my.cnf.d/certs/server-cert.pem,key=/etc/my.cnf.d/certs/server-key.pem,cafile=/etc/my.cnf.d/certs/ca-cert.pem; RC=( ${PIPESTATUS[@]} ) (20180313 21:08:36.885) |
2018/03/13 21:08:36 socat[25873] E certificate is valid but its commonName does not match hostname |
Is there any treatment that can be done to avoid this issue, adding, e.g. --verify=0?
After generating the certificates:
$ openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
|
server-cert.pem: OK
|
client-cert.pem: OK
|
Attachments
Issue Links
- relates to
-
MDEV-16219 mariadb ssl_rsa_setup maintenance tool with galera option would accelerate tls deployment on galera cluster
-
- Open
-