Details
Bug
Status: Closed
Major
Resolution: Fixed
2.5.21, 6.4.2
None
MXS-SPRINT-165
Description
When a new listener is created, the 'ssl' parameter governs whether it will require TLS or not.
As this is an on/off toggle, it should be independent of any other parameter that carries a value.
However, when ssl=false is passed, but also a certificate is specified, then the listener is still created with ssl true. There's no reason for such behavior - the certificate may be specified for future use etc. Also, if the parameter is then manually changed in the config, MaxScale does not complain and runs the interface without encryption.
Test case:
maxctrl create listener service-10 listener-50001 50001 --interface=172.20.2.41 --protocol=mariadbclient ssl=false ssl_cert=/etc/example.com/certificate.pem ssl_key=/etc/example.com/key.pem ssl_ca_cert=/etc/example.com/ca.pem
cat /var/lib/maxscale/maxscale.cnf.d/listener-50001.cnf
[listener-50001]
address=172.20.2.41
port=50001
service=service-10
ssl=true
ssl_ca_cert=/etc/example.com/ca.pem
ssl_cert=/etc/example.com/certificate.pem
ssl_key=/etc/example.com/key.pem
type=listener
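An audit for the two conditions described above, as an added example that is not part of the original ticket or of MaxScale's code: it flags a persisted listener whose `ssl` value differs from what was requested, and a listener that has certificate paths configured while `ssl` is off. The function names, the set of accepted boolean spellings and the "missing `ssl` means off" default are assumptions; the sample config is the one from the test case.

```python
import configparser

# Assumption: spellings read as boolean "true"; adjust to your MaxScale version.
TRUTHY = {"true", "yes", "on", "1"}
TLS_KEYS = ("ssl_cert", "ssl_key", "ssl_ca_cert")

def parse_listeners(cnf_text):
    """Return {section: params} for every type=listener section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(cnf_text)
    return {name: dict(cp[name]) for name in cp.sections()
            if cp[name].get("type", "").strip().lower() == "listener"}

def ssl_enabled(params):
    # Assumption: a missing 'ssl' key means TLS is off.
    return params.get("ssl", "false").strip().lower() in TRUTHY

def audit(cnf_text, requested=None):
    """Return a list of (listener, finding) tuples.

    requested: optional {listener: params} as passed at creation time
    (hypothetical input, e.g. collected from provisioning scripts).
    """
    findings = []
    for name, params in parse_listeners(cnf_text).items():
        on = ssl_enabled(params)
        # Certificate material present but TLS off: listener accepts plaintext.
        if not on and any(params.get(k) for k in TLS_KEYS):
            findings.append((name, "plaintext-with-certs"))
        # Persisted ssl value differs from what the operator asked for.
        if requested and name in requested and ssl_enabled(requested[name]) != on:
            findings.append((name, "ssl-mismatch"))
    return findings

# Persisted file content as shown in the test case above.
PERSISTED = """[listener-50001]
address=172.20.2.41
port=50001
service=service-10
ssl=true
ssl_ca_cert=/etc/example.com/ca.pem
ssl_cert=/etc/example.com/certificate.pem
ssl_key=/etc/example.com/key.pem
type=listener
"""
# Constructed sample: the same file after a manual edit to ssl=false.
EDITED = PERSISTED.replace("ssl=true", "ssl=false")

if __name__ == "__main__":
    print(audit(PERSISTED, {"listener-50001": {"ssl": "false"}}))
    print(audit(EDITED))
```
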