[MXS-1318] Use SSL_CTX_use_certificate_chain_file in Maxscale to use CA signed certificates
Created: 2017-07-17  Updated: 2020-08-25  Resolved: 2017-07-24

Status: Closed
Project: MariaDB MaxScale
Component/s: mariadbclient
Affects Version/s: 2.1.4
Fix Version/s: 2.1.5

Type: Bug
Priority: Major
Reporter: Kyle Joiner (Inactive)
Assignee: markus makela
Resolution: Fixed
Votes: 1
Labels: None


 Description   

MaxScale uses SSL_CTX_use_certificate_file in https://github.com/mariadb-corporation/MaxScale/blob/2.1/server/core/listener.c#L302 . This means it will read only the first file from the PEM file specified. MariaDB server, in contrast, uses SSL_CTX_use_certificate_chain_file in https://github.com/MariaDB/server/blob/10.2/vio/viosslfactories.c#L113 . This loads the first cert in the file as the certificate and puts the rest in the chain store. As per the OpenSSL documentation here https://wiki.openssl.org/index.php/Manual:SSL_CTX_use_certificate(3) , the usage of SSL_CTX_use_certificate_file in MaxScale can be safely replaced by SSL_CTX_use_certificate_chain_file, since the hard-coded type PEM is used for SSL_CTX_use_certificate_file.



 Comments   
Comment by markus makela [ 2017-07-18 ]

MaxScale should use the same methods as the MariaDB server.
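
The following is an added example, not part of the original report or of MaxScale's code: a preflight check for a listener certificate file that models the two loaders as the description states them (first certificate only, versus first certificate plus the rest as chain) without calling OpenSSL. The function names `certificates`, `audit` and `_placeholder` are hypothetical, only blocks labelled `CERTIFICATE` are counted (an assumption), and the sample blocks are constructed placeholders rather than real certificates or keys.

```python
import base64
import re

# One PEM block; the label decides whether it is a certificate.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def certificates(pem_text):
    """Return the decoded bytes of each CERTIFICATE block, in file order."""
    ders = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            continue  # e.g. a private key stored in the same file
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # a DER certificate is a SEQUENCE
            raise ValueError("CERTIFICATE block does not hold DER data")
        ders.append(der)
    return ders


def audit(pem_text):
    """Model what each loader keeps from a listener certificate file."""
    ders = certificates(pem_text)
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return {
        "leaf": ders[0],    # used by both loaders
        "chain": ders[1:],  # kept only by the chain-file loader
        "ignored_by_single_cert_load": len(ders) - 1,
    }


def _placeholder(label, payload):
    # Constructed stand-in, not a real certificate or key.
    raw = b"\x30" + bytes([len(payload)]) + payload
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed sample: key, leaf, then two intermediates in one file.
SAMPLE = (_placeholder("PRIVATE KEY", b"key")
          + _placeholder("CERTIFICATE", b"leaf")
          + _placeholder("CERTIFICATE", b"intermediate-1")
          + _placeholder("CERTIFICATE", b"intermediate-2"))

if __name__ == "__main__":
    n = audit(SAMPLE)["ignored_by_single_cert_load"]
    print(n, "chain certificate(s) ignored by a single-certificate load")
```

A non-zero `ignored_by_single_cert_load` on a deployed certificate file means clients that do not already hold the intermediates cannot build a path to the CA when only the first certificate is loaded.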
