[MXS-652] ssl is configured in a wrong way, but Maxscale can be started and works
Created: 2016-03-31  Updated: 2016-05-27  Resolved: 2016-05-27

Status: Closed
Project: MariaDB MaxScale
Component/s: Core
Affects Version/s: 1.4.1
Fix Version/s: 2.0.0

Type: Bug
Priority: Major
Reporter: Timofey Turenko
Assignee: martin brampton (Inactive)
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Relates
relates to MXS-66 MaxScale should refuse to load module... Closed
relates to MXS-100 /etc/init.d/maxscale configtest Closed

 Description   

Put the ssl configuration in the router section instead of the listener, for example (use ssl=required):

[RW Split Router]
type=service
router= readwritesplit
servers=server1,server2,server3,server4
user=skysql
passwd=skysql
max_slave_connections=100%
router_options=slave_selection_criteria=LEAST_CURRENT_OPERATIONS
#filters=QLA
ssl=required
ssl_cert=//home/vagrant//certs/server-cert.pem
ssl_key=//home/vagrant//certs/server-key.pem
ssl_ca_cert=//home/vagrant//certs/ca.pem
ssl_version=TLSv12

  • try to start Maxscale
  • try to connect to the defined router

Expected result:

  • user is notified about the problem with ssl; a connection cannot be created without ssl

Actual result:

  • Maxscale is started successfully
  • a connection to the router can be created without ssl
  • user is unaware of the unsecured connection
  • there are error messages in the log (like "error : Unexpected parameter 'ssl_version' for object 'RW Split Router' of type 'service'.")


 Comments   
Comment by martin brampton (Inactive) [ 2016-03-31 ]

Question is, what should happen?

Comment by markus makela [ 2016-03-31 ]

The correctness of the parameters is checked in config.c:check_config_objects and it could be used to detect unknown parameters. Currently it just reports the unknown parameters but does nothing about it. The function could return a value which would indicate whether unknown parameters are defined.

Comment by martin brampton (Inactive) [ 2016-04-19 ]

During discussions in Berlin, it was agreed that MaxScale would operate (like Apache) on the basis that an incorrect configuration entry, including a parameter that should not be present in a section, will prevent MaxScale from starting.
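
The fail-closed behaviour agreed above, sketched as an added example (not MaxScale's own code): a checker returns the unknown parameters per section and startup is refused if any are found. The names find_config_errors and may_start, the abbreviated ALLOWED parameter sets and the sample configuration are assumptions constructed for illustration.

```python
import configparser

# Assumed, abbreviated parameter sets per object type (illustration only).
ALLOWED = {
    "service": {"type", "router", "servers", "user", "passwd",
                "max_slave_connections", "router_options", "filters"},
    "listener": {"type", "service", "protocol", "port", "ssl", "ssl_cert",
                 "ssl_key", "ssl_ca_cert", "ssl_version"},
}

def find_config_errors(text):
    """Return one message per problem; an empty list means the config is clean."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '100%' literal
    cp.read_string(text)
    errors = []
    for name in cp.sections():
        obj_type = cp[name].get("type")
        allowed = ALLOWED.get(obj_type)
        if allowed is None:
            errors.append(f"Unknown type '{obj_type}' for object '{name}'.")
            continue
        errors += [f"Unexpected parameter '{key}' for object '{name}' "
                   f"of type '{obj_type}'."
                   for key in cp[name] if key not in allowed]
    return errors

def may_start(text):
    """Fail closed: any reported error refuses startup instead of only logging."""
    errors = find_config_errors(text)
    for message in errors:
        print("error :", message)
    return not errors

# Constructed sample input, modelled on the report.
SERVICE = ("[RW Split Router]\ntype=service\nrouter=readwritesplit\n"
           "servers=server1,server2\nuser=maxuser\npasswd=maxpwd\n"
           "max_slave_connections=100%\n")
LISTENER = ("[RW Split Listener]\ntype=listener\nservice=RW Split Router\n"
            "protocol=MySQLClient\nport=4006\n")
SSL = "ssl=required\nssl_version=TLSv12\n"

BAD = SERVICE + SSL + LISTENER    # ssl keys land in the service section
GOOD = SERVICE + LISTENER + SSL   # ssl keys land in the listener section

if __name__ == "__main__":
    print("BAD may start:", may_start(BAD))
    print("GOOD may start:", may_start(GOOD))
```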

Comment by Timofey Turenko [ 2016-05-27 ]

Tested with current develop - fixed. Test 'mxs652_bad_ssl' added.
