Details
-
New Feature
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Won't Fix
-
None
Description
To be more user-friendly in a typical passwordless test environment, mariadb cli, will disable --ssl-verify-server-cert if
- --ssl-verify-server-cert was not enabled explicitly
- CA was not specified
- fingerprint was not specified
- protocol is TCP
- no password was provided
It'll also print a warning in this case
⸺ serg, https://jira.mariadb.org/browse/MDEV-31857?focusedCommentId=269674#comment-269674
Can we have this feature (or an equivalent, e.g., lifting limitations) in all clients so they match the mariadb CLI?
At least, can we have it in the internal client of the Replication IO Thread?
It'd be a significant convenience for MTR testing:
As shown by the breadth of MDEV-31857's patch, the majority don't want anything to do with authentication and privileges, so they connect with root passwordlessly.
But SSL Cert. Verification requires passwords.
While rpl_init.inc includes Master_SSL_Verify_Server_Cert=0, not all tests desire it, such as the multi_source and sys_vars suites.
Side note: Even the MTR internal check expects Master_SSL_Verify_Server_Cert to be No.
https://github.com/MariaDB/server/blob/mariadb-11.8.1/mysql-test/include/check-testcase.inc#L56
Attachments
Issue Links
- is caused by
-
-
- Closed
-
Generally test problems should be solved in tests, not in the production code.
Add master_ssl_verify_cert=0 to change master, for example.