[MXS-2980] maxctrl not using SSL/TLS in interactive mode Created: 2020-05-05  Updated: 2020-08-25  Resolved: 2020-05-25

Status: Closed
Project: MariaDB MaxScale
Component/s: maxctrl
Affects Version/s: 2.4.9
Fix Version/s: 2.3.20, 2.4.10

Type: Bug Priority: Major
Reporter: Hartmut Holzgraefe Assignee: markus makela
Resolution: Fixed Votes: 1
Labels: None


 Description   

When passing a command to maxctrl directly on the command line, communicating with a maxscale instance with admin_ssl_* enabled works fine.

When using interactive mode, any ssl/tls options seem to be ignored though, and maxctrl sends commands in the clear, as can be verified by tracking maxscale system calls with strace, and clearly seeing cleartext "GET /" being received right after a new connection comes in, instead of starting with the TLS handshake ...

So this works fine:

$ maxctrl -s --tls-key=/vagrant/files/ssl/client-key.pem --tls-cert=/vagrant/files/ssl/client-cert.pem --tls-ca-cert=/vagrant/files/ssl/ca-cert.pem list servers
 
┌─────────┬───────────┬──────┬─────────────┬───────┬──────┐
 
│ Server  │ Address   │ Port │ Connections │ State │ GTID │
 
├─────────┼───────────┼──────┼─────────────┼───────┼──────┤
 
│ server1 │ 10.0.2.15 │ 3306 │ 0           │ Down  │      │
 
└─────────┴───────────┴──────┴─────────────┴───────┴──────┘

While this doesn't:

$ maxctrl -s --tls-key=/vagrant/files/ssl/client-key.pem --tls-cert=/vagrant/files/ssl/client-cert.pem --tls-ca-cert=/vagrant/files/ssl/ca-cert.pem
 
 maxctrl list servers
 
Error: {
 
    "code": "ECONNRESET"
 
}
 
 maxctrl



 Comments   
Comment by markus makela [ 2020-05-06 ]

Seems that only some of the options are forwarded correctly to the interactive mode. These should be programmatically detected and injected into the context given to the interactive mode.

Generated at Thu Feb 08 04:18:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.