Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-5976

Select TLS certificate based on the SNI value

    XMLWordPrintable

Details

    • New Feature
    • Status: Needs Feedback (View Workflow)
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None
    • MXS-CAPACITY-26-1

    Description

      Add support for multiple TLS certificates for a listener and select the certificate based on the SNI value that the client sends. If no SNI value is sent, use the default TLS certificate.

      The certificates should be defined by a certificate directory option from where they are loaded. The matching of the certificate to the SNI value should be done based on the certificate itself and not the filename.

      Implementation wise, the certificate can be selected inside the callback set by the SSL_CTX_set_tlsext_servername_callback function.

      A related feature is the ability to then select which service is used that's also based on the SNI value. For this, see MXS-6010.

      Attachments

        Issue Links

          includes

          New Feature - A new feature of the product, which has yet to be developed. MXS-5990 Set TLS Server Name Indication for backend connections

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-6010 Route queries based on TLS SNI

          • Major - Major loss of function.
          • Open
          is blocked by

          Task - A task that needs to be done. MXS-6088 Clarify MXS-5976 requirements

          • Major - Major loss of function.
          • Closed
          relates to

          New Feature - A new feature of the product, which has yet to be developed. CONC-795 SNI TLS support

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. CONJ-1282 SNI TLS support

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. CONJS-327 SNI TLS support

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MDEV-10658 Support TLS SNI in MariaDB

          • Major - Major loss of function.
          • Open

          Activity

            People

              markus makela markus makela
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.