Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-4950

Support client side ephemeral certificates

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 24.02.0
    • 25.08.0
    • mariadbclient
    • None
    • MXS-SPRINT-216

    Description

      Add support for sending ephemeral certificate fingerprint digest to client. More details in https://mariadb.org/mission-impossible-zero-configuration-ssl

      If a MaxScale listener has `ssl=1` but both `ssl_key` and `ssl_cert` are unset, MaxScale should generate the key and certificate during startup and keep it stored in memory. The certificate is used when communicating with clients. If client accepts the certificate (no clients currently support this) and sends correct password, MaxScale then sends a hash of the password and certificate to the client to prove that it knows the client's password hash. If client password is empty, MaxScale should not send the hash.

      Attachments

        Issue Links

          Activity

            People

              esa.korhonen Esa Korhonen
              esa.korhonen Esa Korhonen
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.