[MXS-1318] Use SSL_CTX_use_certificate_chain_file in Maxscale to use CA signed certificates - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.4
Fix Version/s: 2.1.5
Component/s: mariadbclient
Labels:
None

Description

Maxscale uses SSL_CTX_use_certificate_file in https://github.com/mariadb-corporation/MaxScale/blob/2.1/server/core/listener.c#L302 . This means it will read only the first file from the pem file specified. MariaDB server in contrast uses SSL_CTX_use_certificate_chain_file in https://github.com/MariaDB/server/blob/10.2/vio/viosslfactories.c#L113 . This loads the first cert in the file as the certificate and puts the rest in the chain store. As per the documentation of openssl here https://wiki.openssl.org/index.php/Manual:SSL_CTX_use_certificate(3) , the usage of SSL_CTX_use_certificate_file in maxscale can be safely replace by SSL_CTX_use_certificate_chain_file since hard coded type PEM is used for SSL_CTX_use_certificate_file.

Attachments

Activity

People

Assignee:: markus makela

Reporter:: Kyle Joiner (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-07-17 17:26

Updated:: 2024-07-07 17:40

Resolved:: 2017-07-24 16:14

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.