Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25359

Improve mariabackup SST script compliance with native MariaDB SSL practicies

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.5, 10.2(EOL), 10.3(EOL), 10.4(EOL)
    • 10.6.0
    • Galera
    • None

    Description

      • Pass joiner's authentication information to donor together with address in State Transfer Request. This allows joiner to authenticate donor on connection. Previously joiner would accept data from anywhere.
      • Deprecate custom SSL configuration variables tca, tcert and tkey in favor of more familiar ssl-ca, ssl-cert and ssl-key. For backward compatibility tca, tcert and tkey are still supported.
      • Allow falling back to server-wide SSL configuration in [mysqld] if no SSL configuration is found in [sst] section of the config file.
      • Introduce ssl-mode variable in [sst] section that takes standard values and has following effects:
        • old-style SSL configuration present in [sst]: no effect
        • otherwise:
        • ssl-mode=DISABLED or absent: retains old, backward compatible behavior and ignores any other SSL configuration
        • ssl-mode=VERIFY*: verify joiner's certificate and CN on donor, verify donor's secret on joiner (passed to donor via State Transfer Request)
        • BACKWARD INCOMPATIBLE BEHAVIOR
        • anything else enables new SSL configuration conventions but does not require verification ssl-mode should be set to VERIFY only in a fully upgraded cluster.

      Attachments

        Issue Links

          Activity

            People

              jplindst Jan Lindström (Inactive)
              jplindst Jan Lindström (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.