[MDEV-30178] Error message when 'require_secure_transport' is enabled should be more explict - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Trivial
Resolution: Fixed
Fix Version/s: 11.2.1
Component/s: SSL
Labels:
- beginner-friendly

Description

'require_secure_transport' is introduced since 10.4 Enterprise

https://mariadb.com/docs/skysql/ref/mdb/system-variables/require_secure_transport/

When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS, Unix sockets or named pipes.

However the error message emitted when connection s refused is not at all explanatory. If this variable is enabled and a client tries to connect without encryption, following error message will be seen:

ERROR 1045 (28000): Access denied for user '<user>'@'localhost' (using password: [YES|NO])

It does not provide any useful information to suggest user to connect with encryption, neither does it mention the related parameter 'require_secure_transport'.

The equivalent message from MySQL for example contains more information:

MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.

It would be beneficial to change this error message in MariaDB to reflect that the variable is enabled and to suggest user to use encrypted connection.

Attachments

Issue Links

causes

MDEV-32123 require_secure_transport doesn't allow TCP connections

Closed

Activity

People

Assignee:: Daniel Black

Reporter:: Tingyao Nian

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2022-12-08 17:56

Updated:: 2023-09-07 16:54

Resolved:: 2023-07-25 15:37

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.