Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30178

Error message when 'require_secure_transport' is enabled should be more explict

    XMLWordPrintable

Details

    Description

      'require_secure_transport' is introduced since 10.4 Enterprise

      https://mariadb.com/docs/skysql/ref/mdb/system-variables/require_secure_transport/

      When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS, Unix sockets or named pipes.

      However the error message emitted when connection s refused is not at all explanatory. If this variable is enabled and a client tries to connect without encryption, following error message will be seen:

      ERROR 1045 (28000): Access denied for user '<user>'@'localhost' (using password: [YES|NO])
      

      It does not provide any useful information to suggest user to connect with encryption, neither does it mention the related parameter 'require_secure_transport'.

      The equivalent message from MySQL for example contains more information:

      MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.
      

      It would be beneficial to change this error message in MariaDB to reflect that the variable is enabled and to suggest user to use encrypted connection.

      Attachments

        Issue Links

          Activity

            People

              danblack Daniel Black
              Tingynia Tingyao Nian
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.