Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16266

Ability to Refresh SSL Cert / CRL Without Server Restart

Details

    Description

      Background

      When we need to update server SSL certs for renewal, we have to restart the mariadb server. This can be problematic for production servers where we do not frequently restart the service. This is particularly acute when using short-lived certs such as those provided by LetsEncrypt.

      Cert Renewals will be less disruptive it is is possible to issue a command to mariadb server to make the server reload the server certificate and/or CRL, as needed.

      A similar case is open for MySQL (refer: https://bugs.mysql.com/bug.php?id=75404), but does not appear to have gained traction.

      Acceptance Criteria

      • Ability added to flush server SSL certificates, without requiring a server restart.
      • Ability added to flush server CRL, without requiring server restart.

      Raised this as a task, as I can't raise it as a feature request...
      Thanks.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-19168 mysqladmin implement --flush-ssl

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Task - A task that needs to be done. MDEV-19341 Make reloadable TLS system variables dynamic

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-3128 Cannot refresh SSL Certificates without a restart

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-3197 Ability to refresh SSL certificates without MaxScale restart

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONJ-670 MariaDB java connector ability to Refresh SSL certificate

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            stephen.hames Stephen Hames created issue -
            ralf.gebhardt Ralf Gebhardt made changes -
            Field Original Value New Value
            Fix Version/s 10.4 [ 22408 ]
            serg Sergei Golubchik made changes -
            Priority Minor [ 4 ] Major [ 3 ]
            julien.fritsch Julien Fritsch made changes -
            julien.fritsch Julien Fritsch made changes -
            julien.fritsch Julien Fritsch made changes -
            Epic Link PT-73 [ 68549 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Rank Ranked higher
            bar Alexander Barkov added a comment - - edited

            Hi ralf.gebhardt, I can try. When is the deadline?

            bar Alexander Barkov added a comment - - edited Hi ralf.gebhardt , I can try. When is the deadline?
            serg Sergei Golubchik made changes -
            Assignee Vladislav Vaintroub [ wlad ]
            wlad Vladislav Vaintroub made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            wlad Vladislav Vaintroub made changes -
            Assignee Vladislav Vaintroub [ wlad ] Sergei Golubchik [ serg ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ] Vladislav Vaintroub [ wlad ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            wlad Vladislav Vaintroub made changes -
            issue.field.resolutiondate 2018-12-12 21:59:29.0 2018-12-12 21:59:29.06
            wlad Vladislav Vaintroub made changes -
            Fix Version/s 10.4.1 [ 23228 ]
            Fix Version/s 10.4 [ 22408 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            stephen.hames Stephen Hames added a comment -

            Thanks for adding this.

            It is much appreciated!

            stephen.hames Stephen Hames added a comment - Thanks for adding this. It is much appreciated!
            diego dupin Diego Dupin made changes -
            azurit azurit added a comment - - edited

            Could this be backported to older versoins? Ideally all up from 10.1 or at least 10.2. Thanks.

            azurit azurit added a comment - - edited Could this be backported to older versoins? Ideally all up from 10.1 or at least 10.2. Thanks.
            danblack Daniel Black made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            dalmeida Daniel Almeida (Inactive) made changes -
            markus makela markus makela made changes -
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 87413 ] MariaDB v4 [ 133552 ]
            serg Sergei Golubchik made changes -

            People

              wlad Vladislav Vaintroub
              stephen.hames Stephen Hames
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.