Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-4247

Listener created with encryption even if ssl=false is passed

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 2.5.21, 6.4.2
    • 6.4.3
    • maxctrl
    • None
    • MXS-SPRINT-165

    Description

      When a new listener is created, the 'ssl' parameter governs whether it will require TLS or not.

      As this is an on/off toggle, it should be independent of any other parameter that carries a value.

      However, when ssl=false is passed, but also a certificate is specified, then the listener is still created with ssl true. There's no reason for such behavior - the certificate may be specified for future use etc. Also, if the parameter is then manually changed in the config, MaxScale does not complain and runs the interface without encryption.

      Test case:

      maxctrl create listener service-10 listener-50001 50001 --interface=172.20.2.41 --protocol=mariadbclient ssl=false ssl_cert=/etc/example.com/certificate.pem ssl_key=/etc/example.com/key.pem ssl_ca_cert=/etc/example.com/ca.pem

      cat /var/lib/maxscale/maxscale.cnf.d/listener-50001.cnf

      [listener-50001]
      address=172.20.2.41
      port=50001
      service=service-10
      ssl=true
      ssl_ca_cert=/etc/example.com/ca.pem
      ssl_cert=/etc/example.com/certificate.pem
      ssl_key=/etc/example.com/key.pem
      type=listener

      Attachments

        Activity

          People

            markus makela markus makela
            assen.totin Assen Totin (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.