From 3f60ca33dbf0935de0c0bda6f65a93f5c5f0ea8b Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 12 Jun 2015 21:21:06 +0300 Subject: [PATCH] Added configurable SSL certificate verification depth and updated the documentation in the code. --- Getting-Started/Configuration-Guide.md | 9 +++++++++ Reference/MaxScale-and-SSL.md | 7 ++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/Getting-Started/Configuration-Guide.md b/Getting-Started/Configuration-Guide.md index 23a9df70d..113e28c60 100644 --- a/Getting-Started/Configuration-Guide.md +++ b/Getting-Started/Configuration-Guide.md @@ -356,6 +356,15 @@ This parameter controls the level of encryption used. Accepted values are: * TLSv12 * MAX +### `ssl_cert_verification_depth` + +The maximum length of the certificate authority chain that will be accepted. Accepted values are positive integers. + +``` +# Example +ssl_cert_verification_depth=10 +``` + Example SSL enabled service configuration: ``` diff --git a/Reference/MaxScale-and-SSL.md b/Reference/MaxScale-and-SSL.md index ca61d52e2..d03a5af52 100644 --- a/Reference/MaxScale-and-SSL.md +++ b/Reference/MaxScale-and-SSL.md 
@@ -8,7 +8,8 @@ Here are the options which relate to SSL and certificates. Parameter|Values |Description ---------|-----------|-------- ssl | disabled, enabled, required |`disable` disables SSL, `enabled` enables SSL for client connections but still allows non-SSL connections and `required` requires SSL from all client connections. With the `required` option, client connections that do not use SSL will be rejected. -ssl_cert | |Path to server certificate -ssl_key | |Path to server private key -ssl_ca_cert | |Path to Certificate Authority file +ssl_cert | path to file |Path to server certificate +ssl_key | path to file |Path to server private key +ssl_ca_cert | path to file |Path to Certificate Authority file ssl_version|SSLV2,SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level, defaults to highest available encryption level which is TLSv1.2 +ssl_cert_verify_depth|integer|Certificate authority certificate verification depth, default is 100.
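Review bot: In the Getting-Started/Configuration-Guide.md hunk, the new `ssl_cert_verification_depth` section does not state the default or say what the number counts. The reference table touched by this same patch gives a default of 100, so repeat it here. Also say whether the depth includes the leaf certificate or only the CA certificates above it, so that an operator picking a value such as the example's 10 knows which chain lengths are rejected. "Accepted values are positive integers" leaves open whether 0 is valid; state that explicitly.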
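Review bot: In the Reference/MaxScale-and-SSL.md hunk, the added table row names the parameter `ssl_cert_verify_depth`, while the Configuration Guide section added by this same patch calls it `ssl_cert_verification_depth` in both its heading and its example. Only one spelling can match what the configuration parser accepts, so use that one in both files. A name copied from the wrong document may leave the depth at the default of 100 without the operator noticing. The Values cell would also read better as "positive integer", matching the wording in the guide.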