[MCOL-3542] Add option to not verify an SSL certificate Created: 2019-10-03  Updated: 2021-05-04  Resolved: 2021-05-04

Status: Closed
Project: MariaDB ColumnStore
Component/s: None
Affects Version/s: 1.4.0
Fix Version/s: 5.6.1

Type: Task Priority: Major
Reporter: Patrick LeBlanc (Inactive) Assignee: Ben Thompson (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Epic Link: ColumnStore S3 Improvements
Sprint: 2021-5, 2021-6, 2021-7

 Description   

Low hanging fruit.

We gave the 1.2.5 + S3 package to Patrice @ ABS (iirc?) to play with. It is not working for him b/c the S3 boxes he's using (some on-prem WD boxes that impl S3 protocol) have SSL certs that can't be verified.

Using the libmarias3 lib directly and setting S3NOVERIFY=1, he can interact with it. SM doesn't currently have the option to do that, but should have one. Just needs to know to init the S3 lib with that var or not, don't have to implement anything substantial.

 Comments   
Comment by patrice [ 2019-10-03 ]

the problem is not that the SSL cert can't be verified, it is the url construction that makes it not verifiable. constructing the url in the same way it is when using an IP would make it work. for reference : http://www.wryway.com/blog/aws-s3-url-styles/

Comment by Ben Thompson (Inactive) [ 2021-03-29 ]

Change should be made to storagemanager.cnf to support setting these option in libmarias3 via StorageManager
SM_USE_HTTP (default disabled – current default is https)
SM_SSL_VERIFY (default enabled)

Comment by Ben Thompson (Inactive) [ 2021-04-02 ]

cnf file options added:

  1. Setting use_http to 'enabled' for host to use http instead of https
  2. The default is use_http = disabled (https)
  3. use_http = enabled
  1. Setting ssl_verify to 'disabled' for how to not use SSL verification
  2. Default is ssl_verify = enabled
  3. ssl_verify = disabled
Generated at Thu Feb 08 02:43:29 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.