Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-34730

Validation of SSL server certificate fails with non-selfsigned certificate

Details

    Description

      We are using wildcard certificate and we are getting error, while connecting to localhost or even connecting to UNIX socket.

      ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
      

      There is no problem when we disable ssl_key, ssl_cert and ssl_ca settings and server is generating selfsigned cert. (but this will break old clients certificate validation?)

      Why localhost connection is validating certificate?
      Why UNIX socket connection is validating certificate?
      Why UNIX socket connection using SSL?

      Attachments

        Issue Links

          Activity

            BB Silver Asu created issue -
            BB Silver Asu made changes -
            Field Original Value New Value
            Description We are using wildcard certificate and we are getting error, while connecting to localhost or even connecting to UNIX socket.
            {code:java}
            ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
            {code}
            There is no problem when we disable ssl_key, ssl_cert, ssl_ca settings and server is generating selfsigned cert. (but this will break old clients certificate validation?)

            Why localhost connection is validating certificate?
            Why UNIX socket connection is validating certificate?
            We are using wildcard certificate and we are getting error, while connecting to localhost or even connecting to UNIX socket.
            {code:java}
            ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
            {code}
            There is no problem when we disable ssl_key, ssl_cert and ssl_ca settings and server is generating selfsigned cert. (but this will break old clients certificate validation?)

            Why localhost connection is validating certificate?
            Why UNIX socket connection is validating certificate?
            BB Silver Asu made changes -
            Description We are using wildcard certificate and we are getting error, while connecting to localhost or even connecting to UNIX socket.
            {code:java}
            ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
            {code}
            There is no problem when we disable ssl_key, ssl_cert and ssl_ca settings and server is generating selfsigned cert. (but this will break old clients certificate validation?)

            Why localhost connection is validating certificate?
            Why UNIX socket connection is validating certificate?
            We are using wildcard certificate and we are getting error, while connecting to localhost or even connecting to UNIX socket.
            {code:java}
            ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
            {code}
            There is no problem when we disable ssl_key, ssl_cert and ssl_ca settings and server is generating selfsigned cert. (but this will break old clients certificate validation?)

            Why localhost connection is validating certificate?
            Why UNIX socket connection is validating certificate?
            Why UNIX socket connection using SSL?
            BB Silver Asu made changes -
            Component/s Scripts & Clients [ 11002 ]
            serg Sergei Golubchik made changes -
            Priority Major [ 3 ] Blocker [ 1 ]
            serg Sergei Golubchik made changes -
            Assignee Georg Richter [ georg ]
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            Fix Version/s 11.4 [ 29301 ]
            serg Sergei Golubchik made changes -
            Status Open [ 1 ] Confirmed [ 10101 ]
            serg Sergei Golubchik made changes -
            Fix Version/s 11.4.4 [ 29907 ]
            Fix Version/s 11.6.2 [ 29908 ]
            Fix Version/s 11.4 [ 29301 ]
            Resolution Fixed [ 1 ]
            Status Confirmed [ 10101 ] Closed [ 6 ]
            noonedeadpunk Dmitriy Rabotyagov made changes -

            People

              georg Georg Richter
              BB Silver Asu
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.