  1. MariaDB Server
  2. MDEV-29903

FLUSH SSL does not issue any warning if new certificates are invalid


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Incomplete
    • 10.6
    • N/A
    • SSL
    • None

    Description

      When replacing the server certificate and key with a cert signed by a different CA than the one configured with ssl-ca, there is no error or warning returned to the client that has executed the FLUSH SSL statement to re-read the certificate files, and no warning in the server error log either.

      So it looks as if everything were OK, but the next client trying to connect via SSL will be greeted with

      ERROR 2026 (HY000): SSL connection error: authority and subject key identifier mismatch
      

      IMHO the user executing the FLUSH SSL should receive an error, or at least a warning, about the ca-cert / server-cert mismatch.
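
A pre-flight check for the situation this report describes, as an added example that is not part of the original issue or of MariaDB's code: before running FLUSH SSL, confirm with the openssl CLI that the new server certificate verifies against the CA file configured as ssl-ca. It goes one step beyond the report by also checking that the private key belongs to the certificate. The function names, file names and the throwaway demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: run before FLUSH SSL to catch a CA / server-cert mismatch.
# check_tls_files CA CERT KEY
#   returns 0 if CERT verifies against CA and KEY belongs to CERT,
#   1 if CERT does not verify against the CA file, 2 if KEY and CERT differ.
check_tls_files() {
    ca=$1 cert=$2 key=$3
    # Same trust decision a connecting client makes with this CA file.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    fi
    # Compare the public key in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 2
    fi
    echo "OK: $cert and $key are consistent with $ca"
}

# --- Constructed demo PKI (throwaway keys, hypothetical names) ---
make_ca() {            # make_ca DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2-key.pem" -out "$1/$2.pem" 2>/dev/null
}
make_server_cert() {   # make_server_cert DIR CA_NAME OUT_NAME
    openssl req -newkey rsa:2048 -nodes -subj "/CN=db.example.test" \
        -keyout "$1/$3-key.pem" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2-key.pem" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" old-ca && make_ca "$d" new-ca || return 1
    make_server_cert "$d" old-ca good && make_server_cert "$d" new-ca bad || return 1
    # Each cert/key pair is checked against the CA the server still has as ssl-ca.
    for pair in "good good" "bad bad" "good bad"; do
        set -- $pair; rc=0
        check_tls_files "$d/old-ca.pem" "$d/$1.pem" "$d/$2-key.pem" || rc=$?
        echo "cert=$1 key=$2 rc=$rc"
    done
    rm -rf "$d"
}
demo
```

In a deployment script, call `check_tls_files` with the paths configured as ssl-ca, ssl-cert and ssl-key, and issue FLUSH SSL only when it returns 0.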

          People

            hholzgra Hartmut Holzgraefe