Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-652

ssl is configured in a wrong way, but Maxscale can be started and works

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 1.4.1
    • 2.0.0
    • Core
    • None

    Description

      Put ssl configuration to router section instead of listener, for example (use ssl=required):

      [RW Split Router]
      		 
      type=service
      		 
      router= readwritesplit
      		 
      servers=server1,server2,server3,server4
      		 
      user=skysql
      		 
      passwd=skysql
      		 
      max_slave_connections=100%
      		 
      router_options=slave_selection_criteria=LEAST_CURRENT_OPERATIONS
      		 
      #filters=QLA
      		 
      ssl=required
      		 
      ssl_cert=//home/vagrant//certs/server-cert.pem
      		 
      ssl_key=//home/vagrant//certs/server-key.pem
      		 
      ssl_ca_cert=//home/vagrant//certs/ca.pem
      		 
      ssl_version=TLSv12

      • try to start Maxscale
      • try to connect to the defined router

      Expected result:

      • user notified about problem with ssl, connection can not be created without ssl

      Actual result:

      • Maxscale is stared succesfully
      • connection to the router can be created without ssl
      • user is unaware regarding unsecured connection
      • there are error messaged in the log (like "error : Unexpected parameter 'ssl_version' for object 'RW Split Router' of type 'service'.")

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. MXS-66 MaxScale should refuse to load modules if unexpected configuration options are found.

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-100 /etc/init.d/maxscale configtest

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              martin brampton martin brampton (Inactive)
              tturenko Timofey Turenko
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.