[#CONJ-128] MySQLProtocol should support sslServerCert

[CONJ-128] MySQLProtocol should support sslServerCert Created: 2014-12-12 Updated: 2014-12-16 Resolved: 2014-12-16
Status:	Closed
Project:	MariaDB Connector/J
Component/s:	None
Affects Version/s:	1.1.7
Fix Version/s:	1.1.8

Type:

Bug

Priority:

Major

Reporter:

Frank Kline

Assignee:

Georg Richter

Resolution:

Not a Bug

Votes:

Labels:

None

Description

Within MySQLProtocol, the "useSsl" flag can be used alongside "trustServerCertificate". This should support "sslServerCert" to provide the valid server certificate.

As discussed in recent high profile attack vector against YikYak http://silverskylabs.github.io/yakhak/ using an ignore verifier is a security vulnerability.

Comments

Comment by Vladislav Vaintroub [ 2014-12-13 ]

What is the bug?

useSsL + trustServerCert - no verification happens.
useSsL + sslServerCert - then verification happens against this specific cert
Just "useSsl" - default JDK verification happens

there are 3 variations on verification theme, is it not exhaustive enough?

Comment by Frank Kline [ 2014-12-15 ]

Thank you - please close. This was caused by a certificate path error on our side coupled with a misunderstanding of where/how it was being loaded.

Generated at Thu Feb 08 03:13:22 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[CONJ-128] MySQLProtocol should support sslServerCert Created: 2014-12-12 Updated: 2014-12-16 Resolved: 2014-12-16