[#MXS-4102] Support for passphrase protected certificate keys

[MXS-4102] Support for passphrase protected certificate keys Created: 2022-04-20 Updated: 2024-01-30
Status:	Open
Project:	MariaDB MaxScale
Component/s:	None
Affects Version/s:	None
Fix Version/s:	24.02

Type:

New Feature

Priority:

Minor

Reporter:

Hartmut Holzgraefe

Assignee:

Joe Cotellese

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

Relates
relates to	MDEV-14091	Support for passphrase protected keys	Open

Description

Maxscale should support TLS certificates with password / passphrase protected keys.

I haven't tested how it would deal with such keys, but I assume it would "suffer" from the same TLS library default behavior as the MariaDB server and would try to prompt the user for passwords / passphrases, so breaking automated service startups when faced with such keys.

What makes things more complicated here is that unlike the server Maxscale does not only have to deal with a single certificate, but can have different certificates per server, listener, and for the REST API. Also the same key may be used in multiple places.

Generated at Thu Feb 08 04:26:13 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-4102] Support for passphrase protected certificate keys Created: 2022-04-20 Updated: 2024-01-30