[MXS-2857] ssl_verify_peer_certificate should not be on by default Created: 2020-01-29 Updated: 2020-08-25 Resolved: 2020-01-30 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | Core |
| Affects Version/s: | 2.3.16, 2.4.6 |
| Fix Version/s: | 2.3.17, 2.4.7, 2.5.0 |
| Type: | Bug | Priority: | Major |
| Reporter: | markus makela | Assignee: | markus makela |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Description |
|
The fix to ssl_verify_peer_certificate not requiring clients to present a certificate changed the default behavior. The old behavior was very similar to ssl_verify_peer_certificate=false so the default should be changed to match that. The fact that presented certificates are no longer verified is not a concern if certificates weren't required in the first place. |