Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23744

Unable to specify both client and server certificates.

    XMLWordPrintable

Details

    Description

      With wsrep_sst_mariabackup, and sst encrypt 2 or 3 the role of donor or joiner controls if we are a listener or a connector.

      However the parameters tca, tpem, and tkey are not role specific, despite the fact that in some environments the client and server certificates are different for the same instance.

      This is further complicated by the possibility of those roles changing due to a failure and later recovery of the primary node in a cluster.

      It looks like a change to wsrep_sst_mariabackup to optionally allow for separate joiner and donor tca, tcert, and tkey values would be reasonable trivial.

      Would a patch to implement this be welcome? And if so, are there any preferred names for the options?

      (If not, I will likely implement it as ssl_client_key, ssl_client_ca, and ssl_client_cert, as well as ssl_server_key, ssl_server_ca, and ssl_server_cert.)

      Attachments

        Activity

          People

            sysprg Julius Goryavsky
            zelch Zephaniah Loss-Cutler-Hull
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.