Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21562

SAN certificates not working (socat)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.4.11
    • Fix Version/s: 10.4
    • Component/s: Galera SST
    • Labels:
      None
    • Environment:
      CentOS 7.7

      Description

      When using SAN certificates, the marabackup dump fails with:

      E certificate is valid but its commonName does not match hostname
      

      But on SAN certificates, the cn filed must be ignored and the SAN section of the cert must checked.

      So

      [sst]
      encrypt=3
      sst-syslog=1
      tcert=PATH
      tkey=PATH
      

      Will work, but without verification.
      But

      [sst]
      encrypt=3
      sst-syslog=1
      tcert=PATH
      tkey=PATH
      tca=PATH
      

      fails.
      So the only chance is to disable verification.

        Attachments

          Activity

            People

            Assignee:
            jplindst Jan Lindström
            Reporter:
            mariaTux Frank
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Git Integration