Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2980

maxctrl not using SSL/TLS in interactive mode

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.9
    • Fix Version/s: 2.3.20, 2.4.10
    • Component/s: maxctrl
    • Labels:
      None

      Description

      When passing a command to maxctrl directly on the command line, communicating with a maxscale instance with admin_ssl_* enabled works fine.

      When using interactive mode, any ssl/tls options seem to be ignored though, and maxctrl sends commands in the clear, as can be verified by tracking maxscale system calls with strace, and clearly seeing cleartext "GET /" being received right after a new connection comes in, instead of starting with the TLS handshake ...

      So this works fine:

      $ maxctrl -s --tls-key=/vagrant/files/ssl/client-key.pem --tls-cert=/vagrant/files/ssl/client-cert.pem --tls-ca-cert=/vagrant/files/ssl/ca-cert.pem list servers
      ┌─────────┬───────────┬──────┬─────────────┬───────┬──────┐
      │ Server  │ Address   │ Port │ Connections │ State │ GTID │
      ├─────────┼───────────┼──────┼─────────────┼───────┼──────┤
      │ server1 │ 10.0.2.15 │ 3306 │ 0           │ Down  │      │
      └─────────┴───────────┴──────┴─────────────┴───────┴──────┘
      

      While this doesn't:

      $ maxctrl -s --tls-key=/vagrant/files/ssl/client-key.pem --tls-cert=/vagrant/files/ssl/client-cert.pem --tls-ca-cert=/vagrant/files/ssl/ca-cert.pem
       maxctrl list servers
      Error: {
          "code": "ECONNRESET"
      }
       maxctrl 
      

        Attachments

          Activity

            People

            Assignee:
            markus makela markus makela
            Reporter:
            hholzgra Hartmut Holzgraefe
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration