[MDEV-21562] SAN certificates not working (socat) Created: 2020-01-24  Updated: 2021-12-23

Status: Open
Project: MariaDB Server
Component/s: Galera SST
Affects Version/s: 10.4.11
Fix Version/s: 10.4

Type: Bug Priority: Major
Reporter: Frank Assignee: Julius Goryavsky
Resolution: Unresolved Votes: 0
Labels: None
Environment:

CentOS 7.7


 Description   

When using SAN certificates, the marabackup dump fails with:

E certificate is valid but its commonName does not match hostname

But on SAN certificates, the cn filed must be ignored and the SAN section of the cert must checked.

So

[sst]
 
encrypt=3
 
sst-syslog=1
 
tcert=PATH
 
tkey=PATH

Will work, but without verification.
But

[sst]
 
encrypt=3
 
sst-syslog=1
 
tcert=PATH
 
tkey=PATH
 
tca=PATH

fails.
So the only chance is to disable verification.


Generated at Thu Feb 08 09:08:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.