Details
-
New Feature
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
When having multiple replication channels (or when changing what primary to replicate from often) and using two-way TLS the client certificate and CA files used as MASTER_SSL_* parameters in CHANGE MASTER TO will usually be the same and not change between connections to different primaries.
So it may make sense to be able to configure a client certificate to be used for all replication channels in a central place instead of having to add MASTER_SSL_CA, MASTER_SSL_CERT and MASTER_SSL_KEY (and maybe MASTER_SSL_VERIFY_SERVER_CERT, too) again and again each time a CHANGE MASTER TO is done.
E.g.:
replication_ssl_ca=...
|
replication_ssl_cert=...
|
replication_ssl_key=...
|
and maybe also an explicit MASTER_SSL_USE_DEFAULTS option to CHANGE MASTER to only use such default settings on demand.
Attachments
Issue Links
- relates to
-
MDEV-35584 11.4 relpica can't replicate form 10.6 master not configured for SSL using CHANGE MASTER default settings
- Open
-
MXS-4096 Binlog Routers SHOW SLAVE STATUS does not show SSL information
- Closed