[MXS-4247] Listener created with encryption even if ssl=false is passed Created: 2022-08-19 Updated: 2022-09-05 Resolved: 2022-09-01 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | maxctrl |
| Affects Version/s: | 2.5.21, 6.4.2 |
| Fix Version/s: | 6.4.3 |
| Type: | Bug | Priority: | Major |
| Reporter: | Assen Totin (Inactive) | Assignee: | markus makela |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Sprint: | MXS-SPRINT-165 |
| Description |
|
When a new listener is created, the 'ssl' parameter governs whether it will require TLS or not. As this is an on/off toggle, it should be independent of any other parameter that carries a value. However, when ssl=false is passed, but also a certificate is specified, then the listener is still created with ssl true. There's no reason for such behavior - the certificate may be specified for future use etc. Also, if the parameter is then manually changed in the config, MaxScale does not complain and runs the interface without encryption. Test case: maxctrl create listener service-10 listener-50001 50001 --interface=172.20.2.41 --protocol=mariadbclient ssl=false ssl_cert=/etc/example.com/certificate.pem ssl_key=/etc/example.com/key.pem ssl_ca_cert=/etc/example.com/ca.pem cat /var/lib/maxscale/maxscale.cnf.d/listener-50001.cnf [listener-50001] |
| Comments |
| Comment by markus makela [ 2022-08-29 ] | |||||||||||||||||||||||||||
|
assen.totin please add the affected version. | |||||||||||||||||||||||||||
| Comment by markus makela [ 2022-08-30 ] | |||||||||||||||||||||||||||
|
Tested with the latest 6.4 version and it does indeed seem to enable it regardless of the value. Looks like this is done by MaxCtrl and the REST API itself works as expected. The following payload creates the listener as expected:
|