[MDEV-31856] use ephemeral ssl certificates - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Fix Version/s: 11.4.1
Component/s: SSL
Labels:
- Preview_11.3

Description

Enable SSL in the server by default.

Implement ephemeral ssl certificates — if SSL is enabled but no certificates are provided by the user, let the server generate certificates in memory and use them.

FLUSH SSL should either regenerate them or simply fail or do nothing.

Attachments

Issue Links

blocks

MDEV-31857 enable --ssl-verify-server-cert by default

Closed

causes

MDEV-32210 Ephemeral certificate missing DN

Closed

MDEV-32229 Memory leaks while using ephemeral certificates

Closed

MDEV-33430 Command line client error ERROR 2026 (HY000): TLS/SSL error: Server certificate validation failed. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Error 0x800B0109(CERT_E_UNTRUSTEDROOT)

Closed

MDEV-33592 Self-signed certificates are x509 Version 1, which are rejected by some TLS libraries

Closed

is blocked by

MDEV-31855 validate ssl certificates using client password

Closed

relates to

MDEV-33482 WolfSSL's math is unnecessarily slow

Closed

MDEV-34372 Starting MariaDB failed with illegal instruction in WolfSSL

Closed

(1 is blocked by, 2 relates to)

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2023-08-05 16:46

Updated:: 2024-06-19 19:37

Resolved:: 2024-02-05 10:15

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.