  1. MariaDB Server
  2. MDEV-29903

FLUSH SSL does not issue any warning if new certificates are invalid

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Incomplete
    • Affects Version/s: 10.6
    • Fix Version/s: N/A
    • Component/s: SSL
    • Labels: None

    Description

      When replacing the server certificate and key with a cert signed by a different CA than the one configured with ssl-ca, there is no error or warning returned to the client that has executed the FLUSH SSL statement to re-read the certificate files, and no warning in the server error log either.

      So it looks as if everything were OK, but the next client trying to connect via SSL will be greeted with

      ERROR 2026 (HY000): SSL connection error: authority and subject key identifier mismatch
      

      IMHO the user executing the FLUSH SSL should receive an error, or at least a warning, about the ca-cert / server-cert mismatch.
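
A pre-flight check an operator can run before issuing FLUSH SSL, since the report above describes the server giving no warning of its own. This is an added example, not part of the original report or of MariaDB; the function name preflight_ssl and the file paths are assumptions, and it relies on the openssl command-line tool.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check to run before FLUSH SSL.
# preflight_ssl is a hypothetical helper; its arguments are the files named
# by ssl-ca, ssl-cert and ssl-key in the server configuration.
# Returns 0 = safe to reload, 1 = mismatch, 2 = file unreadable.
preflight_ssl() {
    pf_ca=$1; pf_cert=$2; pf_key=$3
    for pf_f in "$pf_ca" "$pf_cert" "$pf_key"; do
        [ -r "$pf_f" ] || { echo "cannot read $pf_f" >&2; return 2; }
    done

    # Trust only the configured CA file, not the system trust store, so a
    # certificate issued by any other CA is rejected.
    pf_trust="-no-CApath"
    if openssl verify -help 2>&1 | grep -q -e '-no-CAstore'; then
        pf_trust="$pf_trust -no-CAstore"   # option exists in OpenSSL 3.x only
    fi

    # 1. The new server certificate must chain to the CA given in ssl-ca.
    if ! openssl verify $pf_trust -CAfile "$pf_ca" "$pf_cert" >/dev/null 2>&1; then
        echo "$pf_cert does not verify against $pf_ca" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate (compare public keys).
    pf_cert_pub=$(openssl x509 -in "$pf_cert" -noout -pubkey 2>/dev/null | openssl sha256)
    pf_key_pub=$(openssl pkey -in "$pf_key" -pubout 2>/dev/null | openssl sha256)
    if [ "$pf_cert_pub" != "$pf_key_pub" ]; then
        echo "$pf_key does not match $pf_cert" >&2
        return 1
    fi
    return 0
}

# Usage (paths are placeholders):
#   preflight_ssl /path/to/ca.pem /path/to/new-cert.pem /path/to/new-key.pem \
#       && mariadb -e 'FLUSH SSL'
```
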


        Activity

          hholzgra Hartmut Holzgraefe created issue -
          julien.fritsch Julien Fritsch made changes -
          Field Original Value New Value
          Fix Version/s 10.6 [ 24028 ]
          serg Sergei Golubchik made changes -
          Assignee Vladislav Vaintroub [ wlad ]
          serg Sergei Golubchik made changes -
          Fix Version/s 10.7 [ 24805 ]
          Fix Version/s 10.8 [ 26121 ]
          Fix Version/s 10.9 [ 26905 ]
          Fix Version/s 10.10 [ 27530 ]
          wlad Vladislav Vaintroub made changes -
          Affects Version/s 10.6 [ 24028 ]
          Affects Version/s 10.6.10 [ 28407 ]
          julien.fritsch Julien Fritsch made changes -
          Status Open [ 1 ] Needs Feedback [ 10501 ]
          hholzgra Hartmut Holzgraefe made changes -
          Assignee Vladislav Vaintroub [ wlad ] Hartmut Holzgraefe [ hholzgra ]
          julien.fritsch Julien Fritsch made changes -
          Fix Version/s N/A [ 14700 ]
          Fix Version/s 10.6 [ 24028 ]
          Fix Version/s 10.7 [ 24805 ]
          Fix Version/s 10.8 [ 26121 ]
          Fix Version/s 10.9 [ 26905 ]
          Fix Version/s 10.10 [ 27530 ]
          Resolution Incomplete [ 4 ]
          Status Needs Feedback [ 10501 ] Closed [ 6 ]
          mariadb-jira-automation Jira Automation (IT) made changes -
          Zendesk Related Tickets 181008

          People

            Assignee: hholzgra Hartmut Holzgraefe
            Reporter: hholzgra Hartmut Holzgraefe