Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19341

Make reloadable TLS system variables dynamic

    XMLWordPrintable

    Details

      Description

      With MDEV-16266 implemented in 10.4, it seems like we have an opportunity to make certain SSL/TLS system variables dynamic.

      It looks like FLUSH SSL uses the following variables to reload the TLS context:

      • ssl_cert
      • ssl_key
      • ssl_ca
      • ssl_capath
      • ssl_crl
      • ssl_crlpath
      • ssl_cipher

      https://github.com/MariaDB/server/blob/mariadb-10.4.4/sql/mysqld.cc#L4735

      https://github.com/MariaDB/server/blob/mariadb-10.4.4//vio/viosslfactories.c#L334

      Can all of these variables be made dynamic in 10.4, as long as the system supports FLUSH SSL?

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              wlad Vladislav Vaintroub
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: