[CONC-158] SSL tasks Created: 2016-02-15  Updated: 2016-03-16

Status: Open
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 3.0.0
Fix Version/s: None

Type: Task Priority: Major
Reporter: Georg Richter Assignee: Georg Richter
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-9553 TLS/SSL tasks Stalled

 Description   

  • Merge mandatory changes from MDEV-9553 fixes
  • Change schannel implementation (storing CRLs and CAs in in-memory cert store)



 Comments   
Comment by Georg Richter [ 2016-03-15 ]

Proposal for new TLS options

  • MARIADB_OPT_TLS_PEER_NAME (char *) - peer name to be used. If this value is not set, then the name is guessed based on the hostname used for the connection
  • MARIADB_OPT_TLS_VERIFY_PEER (boolean) - require validation of peer certificate (default TRUE)
  • MARIADB_OPT_TLS_VERIFY_PEER_NAME (boolean) - require verification of peer name
  • MARIADB_OPT_TLS_ALLOW_SELF_SIGNED (boolean) - allow self-signed certificates (default FALSE)
  • MARIADB_OPT_TLS_VERIFY_DEPTH (integer) - abort if the certificate chain is too deep (default 0)
  • MARIADB_OPT_TLS_VERSION (char *) - specifies supported TLS versions (TLSv1, TLSv1.1, TLSv1.2) (default "TLSv1,TLSv1.1,TLSv1.2")
  • MARIADB_OPT_TLS_VERIFY_PEER_FP
  • MARIADB_OPT_TLS_VERIFY_PEER_FP_LIST (char *) - verify fingerprint of peer certificate
  • MARIADB_OPT_TLS_SESSION_CACHE_SIZE (integer *) - size of session cache (default 0)
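
The comma-separated format proposed for MARIADB_OPT_TLS_VERSION, parsed strictly so that an unrecognised token rejects the whole list instead of being skipped. This is an added example, not code from the comment above or from Connector/C; the function name, the EX_TLS_* flags and the reject-on-unknown behaviour are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Flag names are this example's own, not Connector/C identifiers. */
#define EX_TLS_1_0 (1u << 0)
#define EX_TLS_1_1 (1u << 1)
#define EX_TLS_1_2 (1u << 2)

static const struct { const char *name; unsigned bit; } ex_versions[] = {
    { "TLSv1", EX_TLS_1_0 }, { "TLSv1.1", EX_TLS_1_1 }, { "TLSv1.2", EX_TLS_1_2 },
};

/* Parse a comma-separated version list into a bitmask.
 * Returns 0 on success, -1 on a NULL or empty list, an empty token or an
 * unknown token. On failure *mask is 0, so a typo can never leave the
 * caller with a wider set of protocol versions than was asked for. */
int ex_parse_tls_versions(const char *list, unsigned *mask)
{
    unsigned acc = 0;
    *mask = 0;
    if (list == NULL) return -1;
    for (const char *p = list;;) {
        size_t len = strcspn(p, ","), tlen = len;
        const char *tok = p;
        unsigned bit = 0;
        /* Trim spaces and tabs around the token. */
        while (tlen > 0 && (*tok == ' ' || *tok == '\t')) { tok++; tlen--; }
        while (tlen > 0 && (tok[tlen - 1] == ' ' || tok[tlen - 1] == '\t')) tlen--;
        /* Exact, case-sensitive match: "TLSv1" must not match "TLSv1.1". */
        for (size_t i = 0; i < sizeof ex_versions / sizeof ex_versions[0]; i++)
            if (strlen(ex_versions[i].name) == tlen &&
                memcmp(ex_versions[i].name, tok, tlen) == 0)
                bit = ex_versions[i].bit;
        if (bit == 0) return -1;          /* empty or unknown token */
        acc |= bit;
        if (p[len] == '\0') break;
        p += len + 1;
    }
    *mask = acc;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the proposed default, a spaced list, a typo. */
    const char *s[] = { "TLSv1,TLSv1.1,TLSv1.2", "TLSv1.1, TLSv1.2", "TLSv1.2,TLSv12" };
    for (size_t i = 0; i < 3; i++) {
        unsigned m;
        int rc = ex_parse_tls_versions(s[i], &m);
        printf("%-24s rc=%d mask=0x%x\n", s[i], rc, m);
    }
    return 0;
}
```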