Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19341

Make reloadable TLS system variables dynamic

    Details

      Description

      With MDEV-16266 implemented in 10.4, it seems like we have an opportunity to make certain SSL/TLS system variables dynamic.

      It looks like FLUSH SSL uses the following variables to reload the TLS context:

      • ssl_cert
      • ssl_key
      • ssl_ca
      • ssl_capath
      • ssl_crl
      • ssl_crlpath
      • ssl_cipher

      https://github.com/MariaDB/server/blob/mariadb-10.4.4/sql/mysqld.cc#L4735

      https://github.com/MariaDB/server/blob/mariadb-10.4.4//vio/viosslfactories.c#L334

      Can all of these variables be made dynamic in 10.4, as long as the system supports FLUSH SSL?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                wlad Vladislav Vaintroub
                Reporter:
                GeoffMontee Geoff Montee
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: