  1. MariaDB Server
  2. MDEV-23744

Unable to specify both client and server certificates.

    Details

      Description

      With wsrep_sst_mariabackup and sst encrypt 2 or 3, the role of donor or joiner controls whether we are a listener or a connector.

      However the parameters tca, tpem, and tkey are not role specific, despite the fact that in some environments the client and server certificates are different for the same instance.

      This is further complicated by the possibility of those roles changing due to a failure and later recovery of the primary node in a cluster.

      It looks like a change to wsrep_sst_mariabackup to optionally allow for separate joiner and donor tca, tcert, and tkey values would be reasonably trivial.

      Would a patch to implement this be welcome? And if so, are there any preferred names for the options?

      (If not, I will likely implement it as ssl_client_key, ssl_client_ca, and ssl_client_cert, as well as ssl_server_key, ssl_server_ca, and ssl_server_cert.)
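
A sketch of the role-based selection the description asks for, written as an added example; it is not code from wsrep_sst_mariabackup or from the reporter's patch. It assumes the joiner is the listening (server) side and the donor the connecting (client) side, uses the ssl_client_* / ssl_server_* names from the description as hypothetical options, and falls back to the shared tca, tcert and tkey values.

```shell
#!/bin/sh
# Added illustration, not part of wsrep_sst_mariabackup.
# Assumptions: joiner = listener (TLS server), donor = connector (TLS client);
# ssl_client_* and ssl_server_* are hypothetical option names taken from the
# issue description; tca, tcert and tkey are the existing shared options.

# resolve_tls_params ROLE
# Prints "ca=<path> cert=<path> key=<path>" for the given SST role.
# Returns 2 for an unknown role, 1 when no certificate can be resolved.
resolve_tls_params() {
    case "$1" in
        joiner)
            _role_ca="${ssl_server_ca:-}"
            _role_cert="${ssl_server_cert:-}"
            _role_key="${ssl_server_key:-}"
            ;;
        donor)
            _role_ca="${ssl_client_ca:-}"
            _role_cert="${ssl_client_cert:-}"
            _role_key="${ssl_client_key:-}"
            ;;
        *)
            echo "unknown SST role: $1" >&2
            return 2
            ;;
    esac

    # The CA falls back on its own: both sides may trust the same CA.
    _ca="${_role_ca:-${tca:-}}"

    # Certificate and key are chosen as a pair, so a role-specific
    # certificate is never combined with the shared key (or the reverse).
    if [ -n "$_role_cert" ]; then
        _cert="$_role_cert"
        _key="$_role_key"
    else
        _cert="${tcert:-}"
        _key="${tkey:-}"
    fi

    if [ -z "$_cert" ]; then
        echo "no certificate configured for role $1" >&2
        return 1
    fi
    printf 'ca=%s cert=%s key=%s\n' "$_ca" "$_cert" "$_key"
}
```

Because the result depends only on the current role, a node that switches between donor and joiner after a failure and recovery picks up the matching identity without a configuration change.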

            People

            Assignee:
            jplindst Jan Lindström
            Reporter:
            zelch Zephaniah Loss-Cutler-Hull