[MDEV-7937] Enforce SSL when --ssl client option is used Created: 2015-04-08 Updated: 2018-06-05 Resolved: 2015-06-09 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | SSL |
| Fix Version/s: | 5.5.44 |
| Type: | Task | Priority: | Critical |
| Reporter: | Nirbhay Choubey (Inactive) | Assignee: | Vicențiu Ciorbaru |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | SUSE | ||
| Issue Links: |
|
||||||||
| Sprint: | 5.5.44 | ||||||||
| Description |
|
--ssl client options are currently "advisory". Fixed in 5.7.3 : http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html https://bugzilla.suse.com/show_bug.cgi?id=924663 |
| Comments |
| Comment by Sergei Golubchik [ 2015-05-28 ] |
|
as discussed in emails, let's keep --ssl as is and fix CLIENT_SSL_VERIFY_SERVER_CERT instead. |
| Comment by Sergei Golubchik [ 2015-05-29 ] |
|
Another option would be to make CLIENT_SSL_VERIFY_SERVER_CERT enabled by default and make --ssl to be required if CLIENT_SSL_VERIFY_SERVER_CERT is enabled and optional if it is disabled. This might be easier to use than the previous suggestion. Either way, the point is — without certificate checks the --ssl option doesn't guarantee anything, so requiring SSL that way does not make a lot of sense. |
| Comment by Sergei Golubchik [ 2015-06-09 ] |
|
ok to push with tests |
| Comment by Vicențiu Ciorbaru [ 2015-06-09 ] |
|
Fixed with: |