From a3fd5a0218cb82b900d46ee2aa29d2f41b7cb4ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Tue, 28 Jan 2020 16:09:31 +0200 Subject: [PATCH 1/2] MXS-2854: Repeat read on schema event The read needs to be repeated if MaxScale sends a schema event. --- connectors/cdc-connector/cdc_connector.cpp | 41 +++++++++++++++------- 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/connectors/cdc-connector/cdc_connector.cpp b/connectors/cdc-connector/cdc_connector.cpp index 05dd04da0..11b530a3c 100644 --- a/connectors/cdc-connector/cdc_connector.cpp +++ b/connectors/cdc-connector/cdc_connector.cpp @@ -170,7 +170,7 @@ void Closer::close(int fd) namespace CDC { -const char* const TIMEOUT = "Request timed out"; +const char* const TIMEOUT = "Request timed out"; /** * Public functions @@ -449,21 +449,36 @@ SRow Connection::read() SRow rval; std::string row; - if (read_row(row)) + while (true) { - json_error_t err; - json_t* js = json_loads(row.c_str(), JSON_ALLOW_NUL, &err); + if (read_row(row)) + { + json_error_t err; + json_t* js = json_loads(row.c_str(), JSON_ALLOW_NUL, &err); - if (js) - { - rval = process_row(js); - json_decref(js); - } - else - { - m_error = "Failed to parse JSON: "; - m_error += err.text; + if (js) + { + if (is_schema(js)) + { + m_schema = row; + process_schema(js); + json_decref(js); + continue; + } + else + { + rval = process_row(js); + json_decref(js); + } + } + else + { + m_error = "Failed to parse JSON: "; + m_error += err.text; + } } + + break; } return rval; From f53faba795db4e3451a09dbbd83e176c7d29e283 Mon Sep 17 00:00:00 2001 
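Review bot: The `row` buffer is carried across the `continue` added for schema events, so if `read_row()` appends to its argument rather than assigning it, the next iteration parses the schema document concatenated with the following row and lands in the "Failed to parse JSON" branch; `read_row()` is not visible here, so confirm its contract, and if it appends, open each iteration with `row.clear();` before `if (read_row(row))`. Nothing bounds the new loop either: a peer that sends schema events back-to-back keeps `read()` from returning, whereas the previous code returned after a single `read_row()`; a cap on consecutive schema events, reported through `m_error`, would keep that worst case observable to the caller. The `json_decref(js)` call is now duplicated in the `is_schema` and `process_row` branches, which is easy to miss on the next edit and could be hoisted below the if/else. Connection::read()'s signature and closing brace lie outside the hunk.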
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Wed, 29 Jan 2020 11:30:56 +0200 Subject: [PATCH 2/2] MXS-2857: Disable peer verification by default The fix to the bug where peer certificates were validated but not required caused the default behavior to change. The default should've changed at the same time the fix was made. --- Documentation/Getting-Started/Configuration-Guide.md | 11 +++++++---- server/core/config.cc | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 1b61e7dab..d13bcd1c3 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -1871,11 +1871,14 @@ larger than 0. ### `ssl_verify_peer_certificate` -Peer certificate verification. This functionality is enabled by default. +Peer certificate verification. This functionality is disabled by default. In +versions prior to 2.3.17 the feature was enabled by default. -When this feature is enabled, the certificate sent by the peer is verified -against the configured Certificate Authority. If you are using self-signed -certificates, set `ssl_verify_peer_certificate=false`. +When this feature is enabled, the peer must send a certificate. The certificate +sent by the peer is verified against the configured Certificate Authority to +make sure the peer is who they claim to be. For listeners, this behaves as if +`REQUIRE X509` was defined for all users. For servers, this behaves like the +`--ssl-verify-server-cert` command line option for the `mysql` client. #### Example SSL enabled server configuration diff --git a/server/core/config.cc b/server/core/config.cc index 080b469e0..67f5d4ece 100644 --- a/server/core/config.cc +++ b/server/core/config.cc 
@@ -342,7 +342,7 @@ const MXS_MODULE_PARAM config_listener_params[] = MXS_MODULE_OPT_ENUM_UNIQUE, ssl_version_values}, {CN_SSL_CERT_VERIFY_DEPTH, MXS_MODULE_PARAM_COUNT, "9"}, - {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL, "true"}, + {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL, "false"}, {NULL} }; @@ -421,7 +421,7 @@ const MXS_MODULE_PARAM config_server_params[] = MXS_MODULE_OPT_ENUM_UNIQUE, ssl_version_values}, {CN_SSL_CERT_VERIFY_DEPTH, MXS_MODULE_PARAM_COUNT, "9"}, - {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL, "true"}, + {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL, "false"}, {CN_DISK_SPACE_THRESHOLD, MXS_MODULE_PARAM_STRING}, {NULL} };
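Review bot: The flipped default in the `config_listener_params` hunk at 342 and the `config_server_params` hunk at 421 turns certificate verification off silently, and nothing next to the `"false"` literal says why, so the next reader sees the weaker of two plausible defaults with no rationale. Per the documentation hunk in this same patch, for servers this option is what makes the backend prove its identity against the configured Certificate Authority, so with the new default a TLS-enabled server section authenticates nothing on the backend side unless the operator opts in. Add a comment on both lines, e.g. `// MXS-2857: off by default for compatibility; when false the peer's certificate is not checked against the configured CA, so deployments that need peer authentication must set it explicitly`. A startup notice when TLS is enabled with this option left at its default would make the downgrade visible to operators, though the code that would emit it is not in these hunks.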