Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18531

Use WolfSSL instead of YaSSL as "bundled" SSL

Details

    Description

      YaSSL is out of support for several years. Newest TLS (e.g 1.2) does not work with it

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. MDEV-19542 Disable SSLv3 and TLSv1.0 by default

          • Major - Major loss of function.
          • Closed
          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19582 Out-of-bounds memory accesses by WolfSSL

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19604 WolfSSL breaks binlog_encryption.binlog_incident

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22487 Server prints "Please supply a buffer for error string" instead of actual error string with wolfSSL

          • Major - Major loss of function.
          • Closed
          relates to

          Task - A task that needs to be done. MDEV-19578 Test whether file_key_management_encryption_algorithm=AES_CTR works properly with wolfSSL

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-23663 HAVE_INTEL_RDRAND is not enabled in the bundled WolfSSL

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-24514 WITH_MSAN is disabling WOLFSSL_AESNI acceleration

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-10726 Official Windows builds do not support TLS 1.2

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-10953 Replace yassl

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-16475 Remove yassl

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21705 Source embedded WolfSSL crashes mysqld on s390x

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Task - A task that needs to be done. MDEV-26758 Make libmariadb run under MSAN

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            wlad Vladislav Vaintroub created issue -
            wlad Vladislav Vaintroub made changes -
            Field Original Value New Value
            Status Open [ 1 ] In Progress [ 3 ]
            wlad Vladislav Vaintroub added a comment -

            the patches are in https://github.com/MariaDB/server/tree/bb-10.4-wlad-wolfssl

            wlad Vladislav Vaintroub added a comment - the patches are in https://github.com/MariaDB/server/tree/bb-10.4-wlad-wolfssl
            wlad Vladislav Vaintroub made changes -
            Assignee Vladislav Vaintroub [ wlad ] Sergei Golubchik [ serg ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ] Vladislav Vaintroub [ wlad ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            wlad Vladislav Vaintroub made changes -
            issue.field.resolutiondate 2019-05-22 12:18:34.0 2019-05-22 12:18:34.132
            wlad Vladislav Vaintroub made changes -
            Fix Version/s 10.4.6 [ 23412 ]
            Fix Version/s 10.4 [ 22408 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            serg Sergei Golubchik made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            marko Marko Mäkelä made changes -
            marko Marko Mäkelä made changes -
            marko Marko Mäkelä made changes -
            marko Marko Mäkelä made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            marko Marko Mäkelä made changes -
            otto Otto Kekäläinen added a comment -

            In Ubuntu 20.04 we have MariaDB 10.3 and it does not have any functional TLS since Ubuntu 20.04 mandates TLSv1.2 at minimum, and the bundled YaSSL/WolfSSL only supports up to TLSv.1.1: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/1885632

            Should I backport https://github.com/mariadb/server/commit/5e4b657dd44dce601c91bc77a41f6e382bc32000 to MariaDB 10.3 in Ubuntu?

            otto Otto Kekäläinen added a comment - In Ubuntu 20.04 we have MariaDB 10.3 and it does not have any functional TLS since Ubuntu 20.04 mandates TLSv1.2 at minimum, and the bundled YaSSL/WolfSSL only supports up to TLSv.1.1: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/1885632 Should I backport https://github.com/mariadb/server/commit/5e4b657dd44dce601c91bc77a41f6e382bc32000 to MariaDB 10.3 in Ubuntu?
            wlad Vladislav Vaintroub added a comment -

            otto, This question is best asked on mailing list. As far as I understand, this would be a break of policy , no new features in old releases.

            wlad Vladislav Vaintroub added a comment - otto , This question is best asked on mailing list. As far as I understand, this would be a break of policy , no new features in old releases.
            otto Otto Kekäläinen added a comment -

            I marked https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/1885632 "won't fix" now, as I don't have the bandwidth to do all the communication required to coordinate such an upload to Ubuntu stable updates.

            otto Otto Kekäläinen added a comment - I marked https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/1885632 "won't fix" now, as I don't have the bandwidth to do all the communication required to coordinate such an upload to Ubuntu stable updates.
            marko Marko Mäkelä made changes -
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 92406 ] MariaDB v4 [ 133856 ]

            People

              wlad Vladislav Vaintroub
              wlad Vladislav Vaintroub
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.