  1. MariaDB MaxScale
  2. MXS-1318

Use SSL_CTX_use_certificate_chain_file in Maxscale to use CA signed certificates


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.4
    • Fix Version/s: 2.1.5
    • Component/s: mariadbclient
    • Labels:
      None

      Description

      Maxscale uses SSL_CTX_use_certificate_file in https://github.com/mariadb-corporation/MaxScale/blob/2.1/server/core/listener.c#L302 . This means it will read only the first file from the pem file specified. MariaDB server, in contrast, uses SSL_CTX_use_certificate_chain_file in https://github.com/MariaDB/server/blob/10.2/vio/viosslfactories.c#L113 . This loads the first cert in the file as the certificate and puts the rest in the chain store. As per the OpenSSL documentation here https://wiki.openssl.org/index.php/Manual:SSL_CTX_use_certificate(3) , the usage of SSL_CTX_use_certificate_file in Maxscale can be safely replaced by SSL_CTX_use_certificate_chain_file, since the hard-coded type PEM is used for SSL_CTX_use_certificate_file.
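
A pre-deployment check for the behaviour described in the report, as an added example that is not MaxScale or OpenSSL code: it counts the certificate blocks in a PEM bundle to show how many are left unread when only the first one is loaded. The function, struct and sample bundle are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Hypothetical summary type for this example. */
struct pem_summary {
    int total;       /* complete CERTIFICATE blocks in the bundle */
    int first_only;  /* what a first-certificate-only load picks up (0 or 1) */
    int chain_extra; /* blocks after the first, which only a chain load reads */
    int malformed;   /* 1 if a BEGIN marker has no END before the next BEGIN */
};

struct pem_summary summarize_pem(const char *pem)
{
    struct pem_summary s = {0, 0, 0, 0};
    const char *p = pem;

    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *body = p + strlen(PEM_BEGIN);
        const char *end = strstr(body, PEM_END);
        const char *next = strstr(body, PEM_BEGIN);
        if (end == NULL || (next != NULL && next < end)) {
            s.malformed = 1; /* truncated or interleaved block: stop counting */
            break;
        }
        s.total++;
        p = end + strlen(PEM_END);
    }
    s.first_only = s.total > 0;
    s.chain_extra = s.total > 1 ? s.total - 1 : 0;
    return s;
}

/* Constructed sample: three blocks with placeholder bodies, not real certificates. */
static const char SAMPLE_BUNDLE[] =
    PEM_BEGIN "\nPLACEHOLDER-SERVER\n" PEM_END "\n"
    PEM_BEGIN "\nPLACEHOLDER-INTERMEDIATE\n" PEM_END "\n"
    PEM_BEGIN "\nPLACEHOLDER-ROOT\n" PEM_END "\n";

int main(void)
{
    struct pem_summary s = summarize_pem(SAMPLE_BUNDLE);
    printf("total=%d first_only=%d chain_extra=%d malformed=%d\n",
           s.total, s.first_only, s.chain_extra, s.malformed);
    return s.malformed;
}
```

A non-zero `chain_extra` on a listener certificate file means the bundle carries certificates beyond the first that a single-certificate load never reads.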


            People

            Assignee:
            markus makela markus makela
            Reporter:
            kjoiner Kyle Joiner