Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Connector/C 3.4 (and new server versions) makes MYSQL_OPT_SSL_VERIFY_SERVER_CERT to be a default option. C/ODBC 3.2 is gonna be built on top of C/C 3.4, it makes sense to have the same defaults as new C/C and server versions.
This option be used by default can cause problems with some older server versions, for which users have to explicitly reset that option.
Attachments
Issue Links
- causes
-
ODBC-442 "Verify certificate" checkbox in TLS options of the setup dialog gets checket by default
-
- Closed
-
- is caused by
-
MDEV-31857 enable --ssl-verify-server-cert by default
-
- Closed
-
Activity
But even when an application does not configure any SSL options, the default now is to require an SSL connection. This was very confusing for me to see the zabbix DB socket connection start to fail with `[2026] TLS/SSL error: SSL is required, but the server does not support it` when I hadn't actually configured SSL in the zabbix server configuration.
See https://github.com/mariadb-corporation/mariadb-connector-c/blame/3.4/plugins/auth/my_auth.c#L294
If application is requesting encrypted conenction, certificate verification will be enforced, unless the option is reset explicitly