[MXS-4718] Add replication_custom_options to enable replication TLS certification check - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 6.4.8, 23.02.3
Fix Version/s: 23.02.5, 23.08.2
Component/s: Monitor
Labels:
None

Sprint:
MXS-SPRINT-191, MXS-SPRINT-192

Description

Replication switchover and failover do not work when having replication set up to require two-way TLS by creating the replication user with REQUIRE x509.
Problem is that even with replication_master_ssl=true only adds MASTER_SSL=1 to the CHANGE_MASTER statement, but not MASTER_SSL_CERT etc.

As far as I understand it relies on these to be fetched from the MariaDB options file(s) as documented here:
https://mariadb.com/kb/en/replication-with-secure-connections/#setting-tls-client-options-in-an-option-file
but this does not work as documented, see ~~MDEV-31934~~, and so makes switchover fail in a setup requiring two-way TLS as the slave will not send a client certificate to the master.

Attachments

Issue Links

is caused by

MDEV-31934 CHANGE MASTER does not pick up TLS defaults from config file as documented

Closed

is duplicated by

MXS-4889 auto_rejoin with SSL replication fails setting the right parameters

Closed

relates to

MXS-4845 Maxscale: SSL certificates don't show up in SLAVE STATUS when Master rejoins after being Down

Closed

Activity

People

Assignee:: Esa Korhonen

Reporter:: Hartmut Holzgraefe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-08-16 13:24

Updated:: 2023-12-11 08:19

Resolved:: 2023-10-16 11:26

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.