Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-1318

Use SSL_CTX_use_certificate_chain_file in Maxscale to use CA signed certificates

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 2.1.4
    • 2.1.5
    • mariadbclient
    • None

    Description

      Maxscale uses SSL_CTX_use_certificate_file in https://github.com/mariadb-corporation/MaxScale/blob/2.1/server/core/listener.c#L302 . This means it will read only the first file from the pem file specified. MariaDB server in contrast uses SSL_CTX_use_certificate_chain_file in https://github.com/MariaDB/server/blob/10.2/vio/viosslfactories.c#L113 . This loads the first cert in the file as the certificate and puts the rest in the chain store. As per the documentation of openssl here https://wiki.openssl.org/index.php/Manual:SSL_CTX_use_certificate(3) , the usage of SSL_CTX_use_certificate_file in maxscale can be safely replace by SSL_CTX_use_certificate_chain_file since hard coded type PEM is used for SSL_CTX_use_certificate_file.

      Attachments

        Activity

          People

            markus makela markus makela
            kjoiner Kyle Joiner (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.