hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.3' into 2.4

Browse Source
This commit is contained in:
Markus Mäkelä
2020-01-29 14:38:29 +02:00
parent a311613935 f53faba795
commit 043df59ffa
3 changed files with 37 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Documentation/Getting-Started/Configuration-Guide.md
View File

@ -2064,11 +2064,14 @@ larger than 0.
### `ssl_verify_peer_certificate`
Peer certificate verification. This functionality is enabled by default.
Peer certificate verification. This functionality is disabled by default. In
versions prior to 2.3.17 the feature was enabled by default.
When this feature is enabled, the certificate sent by the peer is verified
against the configured Certificate Authority. If you are using self-signed
certificates, set `ssl_verify_peer_certificate=false`.
When this feature is enabled, the peer must send a certificate. The certificate
sent by the peer is verified against the configured Certificate Authority to
make sure the peer is who they claim to be. For listeners, this behaves as if
`REQUIRE X509` was defined for all users. For servers, this behaves like the
`--ssl-verify-server-cert` command line option for the `mysql` client.
#### Example SSL enabled server configuration