[MDEV-31289] command line client does not warn about invalid --tls-version arguments Created: 2023-05-16  Updated: 2023-06-19

Status: Open
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.5.20, 10.10.4
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Hartmut Holzgraefe Assignee: Unassigned
Resolution: Unresolved Votes: 4
Labels: None


 Description   

The mariadb / mysql command line client allows requesting a specific TLS version to use via the --tls-version command line parameter, but when given an unknown value as parameter it just ignores the option silently.

This is especially problematic as:

  • version strings are case sensitive: TLSv1.1 works but tlsv1.1 doesn't
  • MariaDB server/clients and MaxScale do not agree on syntax: MariaDB server and clients expect a dot between the major and minor version parts, while MaxScale doesn't and has TLSv11 instead of TLSv1.1

Suggested fixes:

  • make the check case insensitive
  • make the dot optional so that MaxScale style version strings also work
  • maybe also allow shorthands like v1.1 or just 1.1
  • IMPORTANT: bail out with an error, or at least throw a warning, when getting an invalid/unknown version string
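
The parsing rules suggested above, as an added C example (not part of the ticket and not MariaDB's own code). The function names, the comma-separated list syntax and the canonical names other than TLSv1.1 are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* TLSv1.1 is the spelling the ticket says works; the other three are assumed
   to follow the same pattern. */
static const char *const canonical[] = {"TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

static int ci(char c, char want) { return tolower((unsigned char)c) == want; }

/* Hypothetical helper: canonical name for one token, or NULL if unknown.
   Accepts any case, an optional "TLSv" or "v" prefix, and an optional dot. */
const char *normalize_tls_version(const char *p)
{
    if (p == NULL) return NULL;
    if (ci(p[0], 't') && ci(p[1], 'l') && ci(p[2], 's')) {
        p += 3;
        if (!ci(*p, 'v')) return NULL;      /* "tls" must be followed by "v" */
    }
    if (ci(*p, 'v')) p++;
    if (*p++ != '1') return NULL;           /* only major version 1 is known */
    if (*p == '.') p++;                     /* MaxScale style omits the dot */
    if (*p < '0' || *p > '3' || p[1] != '\0') return NULL;
    return canonical[*p - '0'];
}

/* Hypothetical helper: canonicalize a comma-separated list (assumed option
   syntax) into out. Returns 0, or -1 on any unknown entry so the caller can
   bail out with an error. */
int normalize_tls_version_list(const char *list, char *out, size_t outlen)
{
    size_t used = 0;
    for (;;) {
        char tok[16];
        size_t n = strcspn(list, ",");
        const char *canon;
        if (n >= sizeof tok) return -1;
        memcpy(tok, list, n);
        tok[n] = '\0';
        canon = normalize_tls_version(tok);
        if (canon == NULL || used + strlen(canon) + 2 > outlen) return -1;
        if (used) out[used++] = ',';
        strcpy(out + used, canon);
        used += strlen(canon);
        if (list[n] == '\0') return 0;
        list += n + 1;
    }
}
```

A caller would print an error and exit on a -1 return instead of connecting with the option dropped.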


 Comments   
Comment by Hartmut Holzgraefe [ 2023-05-16 ]

Only tested 10.5.20 and latest 10.10 so far, but this most likely affects all versions having the --tls-version option, up to 11.x

Comment by Sergei Golubchik [ 2023-06-19 ]

Other --ssl* options don't report an error either, do they?
