Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30178

Error message when 'require_secure_transport' is enabled should be more explict

    XMLWordPrintable

Details

    Description

      'require_secure_transport' is introduced since 10.4 Enterprise

      https://mariadb.com/docs/skysql/ref/mdb/system-variables/require_secure_transport/

      When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS, Unix sockets or named pipes.

      However the error message emitted when connection s refused is not at all explanatory. If this variable is enabled and a client tries to connect without encryption, following error message will be seen:

      ERROR 1045 (28000): Access denied for user '<user>'@'localhost' (using password: [YES|NO])
      

      It does not provide any useful information to suggest user to connect with encryption, neither does it mention the related parameter 'require_secure_transport'.

      The equivalent message from MySQL for example contains more information:

      MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.
      

      It would be beneficial to change this error message in MariaDB to reflect that the variable is enabled and to suggest user to use encrypted connection.

      Attachments

        Activity

          People

            Unassigned Unassigned
            Tingynia Tingyao Nian
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.