[MDEV-19341] Make reloadable TLS system variables dynamic - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Won't Fix
Fix Version/s: N/A
Component/s: SSL, Variables
Labels:
- need_feedback

Description

With ~~MDEV-16266~~ implemented in 10.4, it seems like we have an opportunity to make certain SSL/TLS system variables dynamic.

It looks like FLUSH SSL uses the following variables to reload the TLS context:

ssl_cert
ssl_key
ssl_ca
ssl_capath
ssl_crl
ssl_crlpath
ssl_cipher

https://github.com/MariaDB/server/blob/mariadb-10.4.4/sql/mysqld.cc#L4735

https://github.com/MariaDB/server/blob/mariadb-10.4.4//vio/viosslfactories.c#L334

Can all of these variables be made dynamic in 10.4, as long as the system supports FLUSH SSL?

Attachments

Issue Links

relates to

MDEV-16266 Ability to Refresh SSL Cert / CRL Without Server Restart

Closed

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Geoff Montee (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-04-26 02:38

Updated:: 2023-01-13 12:11

Resolved:: 2019-04-30 10:55

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.